11-24-2015 03:52 AM - edited 03-11-2019 11:56 PM
Cisco 5505 ASA
Inside subnet is 192.168.0.x netmask 255.255.255.0,
ASA address on the inside: 192.168.0.40
Outside: The 5505 ASA has one address on the outside: 192.168.125.250 netmask 255.255.252.0 (i.e. /22)
There is a time server at address 192.168.0.101 on the OUTSIDE
There is a machine already on the inside at 192.168.0.101 which I can't move.
A server on the inside need to get time from the time server on the outside
How can I achieve this?
Thanks
Chris
11-24-2015 05:43 AM
Hello
Try this method http://www.packetu.com/2012/01/02/asa-vpn-with-address-overlap/
Thanks
Mark
11-24-2015 06:45 AM
Hello,
try the following configuration:
object network NTP-Server
host 192.168.0.101
nat (outside,inside) static 172.16.16.101
And, please, verify, that the traffic from time server 192.168.0.101 is permited, traversing from outside to inside interface of ASA. For example
access-list outside-in extended permit ip host 192.168.0.101 any
access-group outside-in in interface outside
With the following config, time server on outside should be available from inside net of ASA on IP address 172.16.16.101.
Not sure, if it works. But packet tracer results on ASA shows, that it should work...
11-24-2015 07:04 AM
Hi Boris
Thanks, more stuff to try! It all help the learning process, even if it doesn't work.
Regards
Chris
11-24-2015 07:02 AM
Thanks Mark
I think I understand that but it seems to be based on the whole inside subnet having access?
I need to limit access to a few hosts inside - how do I do that?
I'm new to this ASA stuf and struggling a bit...!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide