08-07-2020 04:30 PM
Howdy all,
I am unfamiliar with Cisco NATting, and the Cisco CLI more specifically.
I have to add the following via the ASDM;
--> nat (Inside,Telus) source static DSG-Inside DSG-Inside destination static VPNPool VPNPool
--> nat (DMZ,Telus) source static Inside-DMZ Inside-DMZ destination static VPNPool VPNPool
--> nat (DMZ,Telus) source static NVR interface service NVR-RTSP-SOURCE NVR-RTSP-SOURCE
--> nat (DMZ,Telus) source static NVR interface service NVR-TCP-SOURCE NVR-TCP-SOURCE
--> nat (Telus,Telus) source dynamic VPNPool interface
Would anyone be able to explain which entry goes where in this;
I have been working with a couple of you fine gents already on this, but I didn't want to muddy the original posting with too much info.
Thank you to any takers!!
Best Regards,
Sozo
Solved! Go to Solution.
08-07-2020 07:05 PM
08-07-2020 07:05 PM
08-07-2020 07:17 PM
Salute Francesco,
The answer to your question is simply, fear :)
I am completely new to Cisco, and as such using the CLI gives me pause.
The ASDM however, I can see how to immediately revoke a change that I've made., with no chance of something hidden getting in the way.
I know Sonicwall better, which auto NAT's things for you, however in this new role, it's ASA all the way, so I'm learning.
Thank you very much for your assistance Francesco!
I will give this a shot.
Best Regards!
Brent
08-07-2020 08:00 PM - edited 08-07-2020 08:34 PM
Thank You Francesco, those are bulletproof instructions, I truly appreciate that :) I have written a lot of documentation in my day and thats some quality right there.
You brought the VPN rules home.
Thank you very much!
Brent.
08-07-2020 08:59 PM
08-07-2020 09:05 PM
Hi Francesco, I did edit, I figured it out, (cloning the secondary failover ISP settings which work) sorry for the confusion on that.
However our VPN access is still not working, when I go to vpn.dsgauto.ca it is supposed to prompt for anyconnect but the page just times out.
Would you be able to give me an idea as to why?
Thank you!
Brent
08-07-2020 09:20 PM
I may have it figured, I will update shortly..
Thank you,
Brent
08-07-2020 09:32 PM - edited 08-07-2020 09:34 PM
No, my idea didnt work out :)
Do you know what I may have to change for vpn.dsgauto.ca to go live? My Rules all seem correct to me, matching the ones on the secondary ISP which work.
Though this seems like maybe a DNS issue? I cant see how it ties into the ASA..
Thank you again,
Best regards,
Brent
08-07-2020 09:44 PM
From asdm, under file menu, you can show the whole config (show running). Can you put this config into a text file and attach it to the post please? Be careful and remove all confidential data from there.
Otherwise send it to me in private message.
08-07-2020 09:51 PM
PM sent, thank you very much man!
Brent
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: