Port forward between a Cisco ASA 5525-X and Cisco Meraki MX68W over L2L tunnel
I need to create a port forward on our public IP on a Cisco ASA to another site which has a Cisco Meraki MX. I need to access a service behind the LAN on the Meraki side but from the public IP of the ASA. There is a VPN tunnel between us and that is fine.
I have set up many port forwards from the public IP on the ASA to internal LAN devices on the LAN side of the ASA successfully, but this has got me stumped.
I cannot do a port forward simply on the public IP of the Meraki as its internet is 4G and they block ports and share the public IP with many subscribers, I am told.
I thought it'd simply be a case of the usual
nat (inside,outside) static Public_IP service udp port port
and the access list to allow
access-list outside_in extended permit udp any host the_far_end_device eq port
This is what I would normally do for devices on the LAN side of the ASA.
This is however a device over the VPN tunnel.
I can see traffic coming in but I don't think it goes over the VPN and so fails to connect.
Re: Port forward between a Cisco ASA 5525-X and Cisco Meraki MX68W over L2L tunnel
I am not sure about the Meraki side, but you have to create a NAT rule with (outside,outside). For example:
nat (outside,outside) source static any VPN destination static PUB PRI
Explanation:
VPN: This is the IP address from the encryption domain for the VPN.
PUB: Public IP which you want to be accessible over the Internet.
PRI: Private IP across the VPN which hosts the service.
Along with this you need to allow intra-interface traffic with the following command.
same-security-traffic permit intra-interface
The access list will be required for the outside interface, as you normally do when you NAT a public server. The above-mentioned configuration is just to give you an idea. If you need more help, I would request you to provide more details.
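The hairpin setup described in the reply above, written out as an added example (not configuration posted by either participant). All addresses and the UDP port are constructed placeholders, the object name SVC is hypothetical, and the source is translated with dynamic PAT to a single encryption-domain address, which is an assumption that differs from the `source static` form in the reply.

```cisco
! Constructed placeholder values (documentation/private ranges), not from the thread.
! PUB = public IP on the ASA outside interface that Internet clients connect to
object network PUB
 host 203.0.113.10
! PRI = private IP of the service behind the Meraki, reached over the L2L tunnel
object network PRI
 host 192.168.20.50
! VPN = spare address inside the ASA-side encryption domain; Internet sources are
! hidden behind it so the hairpinned flow matches the existing crypto ACL and the
! Meraki side already knows to send the replies back through the tunnel
object network VPN
 host 192.168.10.250
! SVC (hypothetical name) = the single forwarded service; 5060/udp is a placeholder
object service SVC
 service udp destination eq 5060
!
! Allow traffic to enter and leave the same interface (outside -> tunnel on outside)
same-security-traffic permit intra-interface
!
! Twice NAT: translate the destination PUB -> PRI for this one service only, and
! PAT the source (assumption: dynamic PAT rather than the reply's static form)
nat (outside,outside) source dynamic any VPN destination static PUB PRI service SVC SVC
!
! The outside ACL references the real (post-NAT) destination and only the one port;
! outside_in is assumed to be applied inbound on outside already
access-list outside_in extended permit udp any object PRI eq 5060
!
! Verification from the ASA CLI (198.51.100.7 is a constructed Internet client):
!   packet-tracer input outside udp 198.51.100.7 40000 203.0.113.10 5060 detailed
!     expect an UN-NAT phase to 192.168.20.50 and a VPN encrypt phase, result ALLOW
!   show nat detail
!     translate_hits on the (outside,outside) rule should increase per connection
!   show crypto ipsec sa
!     #pkts encaps should increase on the SA covering 192.168.10.250 -> 192.168.20.50
```

Restricting both the NAT rule and the ACL to the one service keeps the rest of the remote LAN unreachable from the Internet through the tunnel.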