How to Access the Firepower SFR from cloud server through VPN

derar1990
Level 1

Hello all,

I have a problem accessing my ASA from the cloud server (Microsoft Azure). I installed the ASDM Launcher on the cloud server, which has a VPN tunnel between it and my network.

PC --- Switch --- ASA --- VPNCiscoRouter --- CloudServer

The VPN connection is on the router, and the IP addresses for the devices are:
VPN-Cisco-Router Eth0/0 = Public IP address
VPN-Cisco-Router Eth0/1 = 192.168.5.1/24
ASA OutSide interface 1/1 = 192.168.5.2/24
ASA InSide interface 0/1 = 192.168.6.1/24
SFR Module = 192.168.6.5
Cloud servers = 10.0.0.0 255.0.0.0

I can access the ASA from the cloud server using the OutSide interface address (192.168.5.2), but during loading an error message appears saying that it can't reach 192.168.6.5. If I click Cancel, it continues to the ASA interface without showing the Firepower configuration or monitoring.

Is it right that I access the ASA through the OutSide interface IP, or do I need to do some NATing to use the Inside address instead? And if not, how could I forward traffic from the cloud 10.0.0.0 to 192.168.6.5 and vice versa?


interface GigabitEthernet1/1
speed auto
duplex auto
no flowcontrol send on
nameif OutSide
no cts manual
security-level 0
ip address 192.168.5.2 255.255.255.0
delay 1
!
interface GigabitEthernet1/2
speed auto
duplex auto
no flowcontrol send on
nameif InSide
no cts manual
security-level 100
ip address 192.168.6.1 255.255.255.0
delay 1

!
interface Management1/1
speed auto
duplex auto
no flowcontrol send on
management-only
no nameif
no cts manual
no security-level
no ip address
delay 1

 

object network 192.168.6.0
subnet 192.168.6.0 255.255.255.0
object-group service Allow-Ports tcp-udp
port-object eq www
port-object eq 4525
port-object eq 443
port-object eq 7237
port-object eq 500
port-object eq 50
port-object eq 4500
port-object eq 8080
access-list Ports extended permit tcp any any object-group Allow-Ports
access-list Ports extended permit udp any any object-group Allow-Ports
access-list Ports extended deny ip any any log

 

nat (InSide,OutSide) source dynamic 192.168.6.0 interface
access-group Ports in interface OutSide

route OutSide 0.0.0.0 0.0.0.0 192.168.5.1 1

http 0.0.0.0 0.0.0.0 InSide

http 10.0.0.0 255.0.0.0 OutSide

http server enable 443
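The behaviour described in the post is what ASDM does when it manages an ASA with an SFR module: after logging in to the ASA itself it opens a second HTTPS (TCP 443) session straight to the module's management IP, 192.168.6.5 here, so that address must be reachable from the ASDM host and the return path must come back through the tunnel untranslated. The fragment below is an added example, not the poster's configuration and not a reply from the thread; the object names (OBJ-SFR-MGMT, OBJ-INSIDE-LAN, OBJ-CLOUD) are assumptions, and the ASA lines assume the existing "Ports" ACL and dynamic PAT rule from the post stay in place.

```cisco
! Added example: ASA side. Object names are assumptions, not from the post.
object network OBJ-SFR-MGMT
 host 192.168.6.5
object network OBJ-INSIDE-LAN
 subnet 192.168.6.0 255.255.255.0
object network OBJ-CLOUD
 subnet 10.0.0.0 255.0.0.0
!
! Identity (no-NAT) twice-NAT rule inserted at position 1 so it is matched
! before the existing "nat (InSide,OutSide) source dynamic 192.168.6.0 interface".
! Inside<->cloud traffic over the tunnel then keeps real addresses both ways,
! which is what the ASDM-to-SFR session (and its return traffic) needs.
nat (InSide,OutSide) 1 source static OBJ-INSIDE-LAN OBJ-INSIDE-LAN destination static OBJ-CLOUD OBJ-CLOUD no-proxy-arp route-lookup
!
! Narrow inbound permit for the SFR management port, placed at line 1 of the
! existing "Ports" ACL ahead of its broader "permit tcp any any" entries.
access-list Ports line 1 extended permit tcp object OBJ-CLOUD object OBJ-SFR-MGMT eq 443
!
! Added example: VPN router side (IOS). The router must know that 192.168.6.0/24
! sits behind the ASA OutSide address, and the tunnel's interesting-traffic ACL
! must include the inside subnet, not only 192.168.5.0/24. The ACL name is an assumption.
ip route 192.168.6.0 255.255.255.0 192.168.5.2
ip access-list extended VPN-INTERESTING
 permit ip 192.168.5.0 0.0.0.255 10.0.0.0 0.255.255.255
 permit ip 192.168.6.0 0.0.0.255 10.0.0.0 0.255.255.255
```

Two checks worth doing before blaming NAT: the Azure side of the tunnel has to advertise or permit 192.168.6.0/24 as well, otherwise the router will encrypt the packets and the cloud gateway will drop them; and the module's management port (Management1/1 on the 5500-X, which has no IP in the posted config because the module owns it) must be physically connected to the inside 192.168.6.0/24 segment with 192.168.6.1 as its gateway, which can be confirmed from the module CLI with "session sfr" followed by "show network". Once the rules are in, "packet-tracer input OutSide tcp 10.0.0.10 50000 192.168.6.5 443" on the ASA shows which phase (route, ACL, NAT) still drops the flow.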
