Beginner

5505 to 5506 SOHO w/ VPN

Hello, I've used the ASA 5505 for years and recently got some 5506-X units in to set up as home office devices for users working from home. I knew there were some differences, but I'm confused on a few things when comparing the configs between the 5505 and the 5506. I understand the bridge groups to tie the interfaces together, but I'm confused about NAT and the ACLs. I've attached two sanitized configs. The 5505 setup works like a charm. Do I need these nat statements if I'm routing everything over a tunnel? Also, would I need an ACL for each interface, something like access-list inside_1 permit any any? Let me know if there are any questions.

nat (inside_1,outside) source dynamic any interface dns
nat (inside_2,outside) source dynamic any interface dns
nat (inside_3,outside) source dynamic any interface dns
nat (inside_4,outside) source dynamic any interface dns
nat (inside_5,outside) source dynamic any interface dns
nat (inside_6,outside) source dynamic any interface dns
nat (inside_7,outside) source dynamic any interface dns

 

Remote setup would be one network on inside with a phone and PC and the DHCP for outside and device brings up tunnel. Full routing across VPN tunnel.

 

Thanks in advance!

1 ACCEPTED SOLUTION

Accepted Solutions
Rising star

Re: 5505 to 5506 SOHO w/ VPN

Hi,

 

  I cleaned up your config, see attached.

 

Regards,

Cristian Matei.


Beginner

Re: 5505 to 5506 SOHO w/ VPN

Sorry, but I accidentally clicked the accept button. This isn't working. You can't use the BVI address in a NAT statement.

 

Beginner

Re: 5505 to 5506 SOHO w/ VPN

I thought I'd add a screenshot. I did add nameif inside_1 back to in1/2.

 

tracysmithermanvpn(config)# nat (?

configure mode commands/options:
Current available interface(s):

any Global address space
inside_1 Name of interface GigabitEthernet1/2
outside Name of interface GigabitEthernet1/1
tracysmithermanvpn(config)# nat (
ERROR: % Incomplete command
tracysmithermanvpn(config)#

Rising star

Re: 5505 to 5506 SOHO w/ VPN

Hi,

 

I failed to see that we were speaking about the 5506. I re-attached your configuration. As you're sending all traffic through the tunnel (including Internet traffic, if there is such), there is no need for any NAT statements at all (for Internet access, or exclusions for VPN traffic).

 

Regards,

Cristian Matei.