03-21-2023 10:35 AM
Hi to all
I have to configure AnyConnect from the guest-wlan with external DNS servers configured. NAT is needed to translate the public IP address of the firewall outside interface to the private IP address of the firewall interface terminating the guest-wlan (172.16.2.1).
show nat detail
17 (guest_clients) to (guest_clients) source static E_N_GUEST_CLIENTS E_N_GUEST_CLIENTS destination static E_H_VPN.xy_PUBLIC E_H_VPN.xy_INTERNAL
translate_hits = 22999, untranslate_hits = 22999
Source - Origin: 172.16.2.0/24, Translated: 172.16.2.0/24
Destination - Origin: x.y.z.z/32, Translated: 172.16.2.1/32
NAT should be OK, but when I open a browser from a client in the guest WLAN, https://vpn.xy gives a timeout. Connecting to the internal interface IP https://172.16.2.1 shows the AnyConnect login prompt.
Anyone already configured that on an FTD 1120?
Model : Cisco Firepower 1140 Threat Defense (78) Version 7.0.4 (Build 55)
UUID : 294b33ba-4192-11eb-8474-ea085202e07d
Rules update version : 2023-03-15-001-vrt
VDB version : 361
----------------------------------------------------
Cisco Adaptive Security Appliance Software Version 9.16(3)18
SSP Operating System Version 2.10(1.208)
Regards
Peter
03-31-2023 07:54 AM