Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1897
Views
0
Helpful
9
Replies

How to translate CLI NAT lines into ASDM usage

Go to solution
BrentMarini79128
Level 1
Level 1

‎08-07-2020 04:30 PM

Howdy all,

 

I am unfamiliar with Cisco NATting, and the Cisco CLI more specifically.

I have to add the following via the ASDM;

 

--> nat (Inside,Telus) source static DSG-Inside DSG-Inside destination static VPNPool VPNPool
--> nat (DMZ,Telus) source static Inside-DMZ Inside-DMZ destination static VPNPool VPNPool
--> nat (DMZ,Telus) source static NVR interface service NVR-RTSP-SOURCE NVR-RTSP-SOURCE
--> nat (DMZ,Telus) source static NVR interface service NVR-TCP-SOURCE NVR-TCP-SOURCE
--> nat (Telus,Telus) source dynamic VPNPool interface 

 

Would anyone be able to explain which entry goes where in this;

 

 

I have been working with a couple of you fine gents already on this, but I didn't want to muddy the original posting with too much info.

 

Thank you to any takers!!

Best Regards,

Sozo

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎08-07-2020 07:05 PM

Hi

Dumb question: why not configuring these NATs over CLI directly as you already have the commands?

Let's take the first nat:
nat (Inside,Telus) source static DSG-Inside DSG-Inside destination static VPNPool VPNPool

Inside = source interface
Telus = destination interface
DSG-Inside (1st object right after the word static) = source address
DSG-Inside (2nd object after the 1st DSG-Inside object) = source address in translated packet section
VPNPool (1st object right after destination static) = destination address
VPNPool (2nd object after the 1st VPNPool object) = destination address in translated packet section.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

0 Helpful
9 Replies 9

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎08-07-2020 07:05 PM

Hi

Dumb question: why not configuring these NATs over CLI directly as you already have the commands?

Let's take the first nat:
nat (Inside,Telus) source static DSG-Inside DSG-Inside destination static VPNPool VPNPool

Inside = source interface
Telus = destination interface
DSG-Inside (1st object right after the word static) = source address
DSG-Inside (2nd object after the 1st DSG-Inside object) = source address in translated packet section
VPNPool (1st object right after destination static) = destination address
VPNPool (2nd object after the 1st VPNPool object) = destination address in translated packet section.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
BrentMarini79128
Level 1
Level 1
In response to Francesco Molino

‎08-07-2020 07:17 PM

Salute Francesco,

The answer to your question is simply, fear :)

I am completely new to Cisco, and as such using the CLI gives me pause.

The ASDM however, I can see how to immediately revoke a change that I've made., with no chance of something hidden getting in the way.

I know Sonicwall better, which auto NAT's things for you, however in this new role, it's ASA all the way, so I'm learning.

Thank you very much for your assistance Francesco!

I will give this a shot.

Best Regards!

Brent 

0 Helpful

Go to solution
BrentMarini79128
Level 1
Level 1
In response to Francesco Molino

‎08-07-2020 08:00 PM - edited ‎08-07-2020 08:34 PM

Thank You Francesco, those are bulletproof instructions, I truly appreciate that :) I have written a lot of documentation in my day and thats some quality right there.

You brought the VPN rules home.

Thank you very much!

Brent.

 

0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to BrentMarini79128

‎08-07-2020 08:59 PM

Thanks.
Did you edit your part? I received a mail notification with your answer starting the same way but ending with a question and i don't see it anymore.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
BrentMarini79128
Level 1
Level 1
In response to Francesco Molino

‎08-07-2020 09:05 PM

Hi Francesco, I did edit, I figured it out, (cloning the secondary failover ISP settings which work) sorry for the confusion on that.

However our VPN access is still not working, when I go to vpn.dsgauto.ca it is supposed to prompt for anyconnect but the page just times out.

Would you be able to give me an idea as to why?

 

Thank you!

Brent

0 Helpful

Go to solution
BrentMarini79128
Level 1
Level 1
In response to Francesco Molino

‎08-07-2020 09:20 PM

I may have it figured, I will update shortly..

Thank you,

Brent

0 Helpful

Go to solution
BrentMarini79128
Level 1
Level 1
In response to Francesco Molino

‎08-07-2020 09:32 PM - edited ‎08-07-2020 09:34 PM

No, my idea didnt work out :) 

Do you know what I may have to change for vpn.dsgauto.ca to go live? My Rules all seem correct to me, matching the ones on the secondary ISP which work.

Though this seems like maybe a DNS issue? I cant see how it ties into the ASA..

Thank you again,

Best regards,

Brent

0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to BrentMarini79128

‎08-07-2020 09:44 PM

From asdm, under file menu, you can show the whole config (show running). Can you put this config into a text file and attach it to the post please? Be careful and remove all confidential data from there.

Otherwise send it to me in private message.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
BrentMarini79128
Level 1
Level 1
In response to Francesco Molino

‎08-07-2020 09:51 PM

PM sent, thank you very much man!

Brent

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents