
configure ASA to get around a clash of IP address between inside and outside

cglendinning
Level 1

Cisco 5505 ASA

Inside subnet is 192.168.0.x netmask 255.255.255.0,

ASA address on the inside: 192.168.0.40

Outside: The 5505 ASA has one address on the outside: 192.168.125.250 netmask 255.255.252.0   (i.e. /22)

There is a time server at address 192.168.0.101 on the OUTSIDE

There is a machine already on the inside at 192.168.0.101 which I can't move.

A server on the inside needs to get time from the time server on the outside

How can I achieve this?

Thanks

Chris

4 Replies

WWRDSCANSAFE
Level 1

Hello

Try this method http://www.packetu.com/2012/01/02/asa-vpn-with-address-overlap/

Thanks

Mark

Hello,

Try the following configuration:

object network NTP-Server
 host 192.168.0.101
 nat (outside,inside) static 172.16.16.101

And please verify that the traffic from time server 192.168.0.101 is permitted when traversing from the outside to the inside interface of the ASA. For example:

access-list outside-in extended permit ip host 192.168.0.101 any
access-group outside-in in interface outside

With the following config, the time server on the outside should be available from the inside net of the ASA on IP address 172.16.16.101.

Not sure if it works. But packet tracer results on the ASA show that it should work...

Hi Boris

Thanks, more stuff to try! It all helps the learning process, even if it doesn't work.

Regards

Chris

Thanks Mark

I think I understand that but it seems to be based on the whole inside subnet having access?

I need to limit access to a few hosts inside - how do I do that?

I'm new to this ASA stuff and struggling a bit...!
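
On the open question of limiting access to a few inside hosts: the following is an added example, not posted by any participant in this thread, showing one way to scope the 172.16.16.101 alias from the object NAT reply above to named clients with twice NAT plus an inside ACL. It assumes ASA 8.3 or later syntax and that the ASA has a route to 192.168.0.101 through its outside gateway; the object names, the ACL name inside-in, and the client addresses 192.168.0.50 and 192.168.0.51 are constructed placeholders.

```cisco
! Added example. Object names, ACL name and client IPs are placeholders.

! Real address of the outside time server, and the alias inside hosts query.
object network NTP-SERVER-REAL
 host 192.168.0.101
object network NTP-SERVER-ALIAS
 host 172.16.16.101

! The only inside hosts allowed to use the alias (constructed addresses).
object-group network NTP-CLIENTS
 network-object host 192.168.0.50
 network-object host 192.168.0.51

! Twice NAT, matched only when the source is in NTP-CLIENTS:
!  - destination 172.16.16.101 is rewritten to the real server 192.168.0.101
!  - source is hidden behind the outside interface (192.168.125.250), so the
!    server never sees a 192.168.0.x source it would treat as a local address
nat (inside,outside) source dynamic NTP-CLIENTS interface destination static NTP-SERVER-ALIAS NTP-SERVER-REAL

! Inside ACL. From 8.3 on, ACLs match the real (untranslated) destination.
! Binding an ACL to inside replaces the implicit permit, hence the last
! line. If an ACL is already bound to inside, add the first two lines to it
! instead of creating a new one.
access-list inside-in extended permit udp object-group NTP-CLIENTS host 192.168.0.101 eq ntp
access-list inside-in extended deny ip any host 192.168.0.101
access-list inside-in extended permit ip any any
access-group inside-in in interface inside

! Replies to these client-initiated requests return through the ASA's
! stateful connection table.
```

The selected clients then point their NTP configuration at 172.16.16.101, and `packet-tracer input inside udp 192.168.0.50 123 172.16.16.101 123` can be compared against the same trace from a host outside the group.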
