08-07-2020 04:30 PM
Howdy all,
I am unfamiliar with Cisco NATting, and the Cisco CLI more specifically.
I have to add the following via the ASDM;
--> nat (Inside,Telus) source static DSG-Inside DSG-Inside destination static VPNPool VPNPool
--> nat (DMZ,Telus) source static Inside-DMZ Inside-DMZ destination static VPNPool VPNPool
--> nat (DMZ,Telus) source static NVR interface service NVR-RTSP-SOURCE NVR-RTSP-SOURCE
--> nat (DMZ,Telus) source static NVR interface service NVR-TCP-SOURCE NVR-TCP-SOURCE
--> nat (Telus,Telus) source dynamic VPNPool interface
Would anyone be able to explain which entry goes where in this;
I have been working with a couple of you fine gents already on this, but I didn't want to muddy the original posting with too much info.
Thank you to any takers!!
Best Regards,
Sozo
Solved! Go to Solution.
08-07-2020 07:05 PM
08-07-2020 07:05 PM
08-07-2020 07:17 PM
Salute Francesco,
The answer to your question is simply, fear :)
I am completely new to Cisco, and as such using the CLI gives me pause.
The ASDM however, I can see how to immediately revoke a change that I've made., with no chance of something hidden getting in the way.
I know Sonicwall better, which auto NAT's things for you, however in this new role, it's ASA all the way, so I'm learning.
Thank you very much for your assistance Francesco!
I will give this a shot.
Best Regards!
Brent
08-07-2020 08:00 PM - edited 08-07-2020 08:34 PM
Thank You Francesco, those are bulletproof instructions, I truly appreciate that :) I have written a lot of documentation in my day and thats some quality right there.
You brought the VPN rules home.
Thank you very much!
Brent.
08-07-2020 08:59 PM
08-07-2020 09:05 PM
Hi Francesco, I did edit, I figured it out, (cloning the secondary failover ISP settings which work) sorry for the confusion on that.
However our VPN access is still not working, when I go to vpn.dsgauto.ca it is supposed to prompt for anyconnect but the page just times out.
Would you be able to give me an idea as to why?
Thank you!
Brent
08-07-2020 09:20 PM
I may have it figured, I will update shortly..
Thank you,
Brent
08-07-2020 09:32 PM - edited 08-07-2020 09:34 PM
No, my idea didnt work out :)
Do you know what I may have to change for vpn.dsgauto.ca to go live? My Rules all seem correct to me, matching the ones on the secondary ISP which work.
Though this seems like maybe a DNS issue? I cant see how it ties into the ASA..
Thank you again,
Best regards,
Brent
08-07-2020 09:44 PM
From asdm, under file menu, you can show the whole config (show running). Can you put this config into a text file and attach it to the post please? Be careful and remove all confidential data from there.
Otherwise send it to me in private message.
08-07-2020 09:51 PM
PM sent, thank you very much man!
Brent
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide