01-27-2014 12:16 AM - edited 03-11-2019 08:36 PM
Hello,
I need to monitor the SSL VPN service on the external interface of an ASA5580 running version 9.1.2 from Nagios in the internal network. Is it possible to allow traffic to one interface that comes from another interface?
All my interfaces have security-level 0, no nat-control, and the same-security permit intra-interface and inter-interface commands are applied.
Another question: my external interface has a private address and I need to monitor a public IP with SLA for route tracking. Is it possible to NAT to a public IP when the traffic originates from the ASA?
Regards.
01-27-2014 12:57 AM
Hi,
To my understanding there is no supported way of enabling a host behind one interface to access another interface of the ASA, which is what you seem to be asking.
I have only found an old document that states this limitation:
Note: For security purposes the security appliance does not support far-end interface ping, that is pinging the IP address of the outside interface from the inside network.
I guess you would have to somehow make a connection for the network monitoring past the ASA (and NAT the source IP address of the monitor server) so the server could reach the external interface while actually connecting to it through that ASA's external interface rather than an internal interface. Naturally this would mean implementing a network setup that might probably be ideal when trying to keep the environment simple.
In the other question I presume you mean is it possible to NAT the actual interface IP address of the ASA? To my understanding this is not possible.
But if your actual firewall is behind another NAT device (as it's using a private IP address on its external interface), then is there a need to do anything special on this firewall? Wouldn't the device in front of the ASA handle the required NAT for the ASA to be able to monitor remote hosts for the purpose of tracking?
- Jouni