01-19-2016 10:03 PM - edited 03-05-2019 03:09 AM
Hi,
We have a Cisco ASA 5505 PIX firewall. I have done the basic configuration and enabled DHCP on the firewall.
What I would like to know is: is there a way to test whether DHCP and Internet access from this firewall are working fine by connecting it to our existing network, without taking any downtime?
This is to test that the firewall works fine with the current setup and is ready to go into production.
Any help is highly appreciated.
Thanks,
Sagar
01-25-2016 12:57 AM
You've obfuscated so much information I can't really help. I don't know what IP addresses are used for what.
Is outside_cryptomap_1 or outside_cryptomap_2 the VPN to the cloud service?
01-25-2016 01:00 AM
outside_cryptomap_2 is the VPN to the cloud
Thanks
01-25-2016 01:09 AM
I can't generate any config for you because there isn't enough information.
You need to extend outside_cryptomap_2 to include the pool used for VPN users, on both ends of the VPN.
You then need to create a rule saying not to NAT traffic between the two VPNs, and an access rule to allow it.
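The three pieces described above, as an added example in ASA 8.3+ syntax; this is not configuration from the thread. Assumed: interface names "inside" and "outside", the object names, that outside_cryptomap_2 is the crypto ACL bound to the cloud tunnel, and that sysopt connection permit-vpn is at its default. The addresses are the ones given in the thread (192.168.104.0/24 internal, 10.169.0.0/16 cloud, a pool of 192.168.125.1-10 inside 192.168.125.0/24).

```cisco
! Added example, not part of the thread. Assumed: ASA 8.3+ NAT syntax, interface names
! "inside" and "outside", the object names below, and that outside_cryptomap_2 is the
! crypto ACL bound to the cloud tunnel. Addresses are the ones posted in this thread.
object network internal-net
 subnet 192.168.104.0 255.255.255.0
object network cloud-net
 subnet 10.169.0.0 255.255.0.0
object network vpn-network
 subnet 192.168.125.0 255.255.255.0
 description remote-access pool 192.168.125.1-192.168.125.10 lives in this /24
!
! 1. Extend the crypto ACL so the tunnel also carries the VPN pool. The cloud end
!    must list 192.168.125.0/24 as a remote network too, or its SA will never match.
access-list outside_cryptomap_2 extended permit ip object internal-net object cloud-net
access-list outside_cryptomap_2 extended permit ip object vpn-network object cloud-net
!
! 2. Identity (no-NAT) rules. Remote-access traffic is decrypted on outside and
!    re-encrypted on outside, so the second rule is (outside,outside) and needs
!    hairpinning enabled. no-proxy-arp/route-lookup need 8.4(2)+; drop them on older code.
nat (inside,outside) source static internal-net internal-net destination static cloud-net cloud-net no-proxy-arp route-lookup
nat (outside,outside) source static vpn-network vpn-network destination static cloud-net cloud-net no-proxy-arp route-lookup
same-security-traffic permit intra-interface
!
! 3. Access rule. Only needed if "sysopt connection permit-vpn" has been turned off;
!    by default decrypted VPN traffic bypasses interface ACLs.
access-list outside_access_in extended permit ip object vpn-network object cloud-net
```

After a crypto ACL changes, the existing security association still reflects the old proxy identities; clear it with clear crypto ipsec sa peer and confirm with show crypto ipsec sa that a second SA pair now exists for 192.168.125.0/24 to 10.169.0.0/16. The identity NAT rules sit in twice-NAT section 1, so they take precedence over any object NAT (such as a dynamic interface PAT) later applied to the same pool object.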
01-25-2016 01:42 AM
So, below are the networks I have:
192.168.104.0/24 - Internal N/W
10.169.0.0/16 - Cloud N/W
192.168.125.1-192.168.125.10 (/24) - VPN Pool
Let me know if this info helps
Thanks
01-25-2016 02:37 AM
Hi Philip,
Apparently I figured out something and it worked. I think I hadn't allowed the VPN pool network object, hence the issue.
It's sorted.
Thanks a lot for all your help.
Just a quick question now: if we want to allow some other site-to-site VPN for remote users, is it the same process? Can we add multiple IPs?
Thanks a lot
01-25-2016 03:02 AM
Hi Philip,
So, I've got a problem :(
Now the VPN is working fine, but the site-to-site VPN is not working. From the internal network I cannot ping any of the servers in the cloud, but strangely I am able to connect once I VPN to the ASA.
Let me know what I messed up. Sorry to bug you again.
Thanks
01-25-2016 10:41 AM
I'm going to guess that the NAT rules are not correct. Look in the log and generate some traffic. When it is broken, see if you are getting NAT or xlate errors. That will confirm it.
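The log check suggested above, as an added example of the commands a practitioner would run; these are not from the thread. Assumed: interface names inside/outside, an inside host 192.168.104.10 and a cloud server 10.169.0.5 as the test pair, and the cloud peer's public address written as <peer-ip>.

```cisco
! Added example, not part of the thread. Assumed: interface names inside/outside, an
! inside host 192.168.104.10 and a cloud server 10.169.0.5 as the test pair, and the
! cloud peer's public address written as <peer-ip>.
!
! Simulate the failing flow through the ASA's ACL, NAT and VPN tables without sending it:
packet-tracer input inside icmp 192.168.104.10 8 0 10.169.0.5 detailed
!
! While real pings are failing, pull the NAT-related messages out of the buffer.
! 305005 = no translation group found, 305006 = translation creation failed,
! 305013 = asymmetric NAT rules matched (the classic missing-exemption symptom).
logging buffered informational
show logging | include 305005|305006|305013
!
! Confirm which NAT rule and translation the flow actually hit, and whether the
! tunnel encrypted anything for this pair.
show nat detail
show xlate | include 192.168.104.10
show crypto ipsec sa peer <peer-ip>
```

The packet-tracer output names the exact phase (ACCESS-LIST, NAT, VPN) that drops the packet, which is quicker than reading the log; a NAT phase that shows a dynamic interface PAT being applied to traffic meant for 10.169.0.0/16 means the identity NAT exemption for that pair is missing or ordered after it.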
02-05-2016 10:41 PM
Hi Philip,
Everything is working fine. I need to go a bit deeper into this and allow the public IP of my AWS server to be accessed using VPN.
So, let's say one of my SQL servers located in AWS has public IP 52.64.10.1 and I can access this server using my office WAP IP.
So now, if someone from outside does VPN to the Cisco ASA, then they should be able to RDP to 52.64.10.1.
I know this has something to do with routing but I am unable to figure out how.
Is this possible? Please let me know.
Thanks
02-06-2016 10:14 PM
Before, we were talking about using the site-to-site VPN you added to Amazon.
If you want them to access it via your user-to-site VPN and then pop out over the Internet, then add the public IP addresses of your AWS servers to the split tunnel ACL. You will also need to adjust your NAT configuration.
02-09-2016 05:25 PM
Hi Philip,
I did add the server IP to the split tunnel ACL, but users are still unable to access the servers using the public IP.
Can you please share the config to adjust NAT?
Thanks
02-09-2016 05:42 PM
It will be something like this (where vpn-network = an object representing your VPN users):
object network vpn-network
 description VPN user pool (192.168.125.1-192.168.125.10 per this thread)
 subnet 192.168.125.0 255.255.255.0
 nat (any,outside) dynamic interface
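The split-tunnel side of the same change together with the hairpin NAT, as an added example that is not configuration from the thread. Assumed names: group-policy VPN-USERS and ACL SPLIT-TUNNEL; 8.3+ NAT syntax; the SQL server's public IP 52.64.10.1, the internal subnet and the pool subnet are the ones given in this thread.

```cisco
! Added example, not part of the thread. Assumed names: group-policy VPN-USERS and
! ACL SPLIT-TUNNEL; the SQL server's public IP 52.64.10.1 and the subnets are the
! ones given in this thread.
object network vpn-network
 subnet 192.168.125.0 255.255.255.0
!
! Split tunnel: only these destinations are sent into the VPN, everything else leaves
! the client's own Internet connection. Adding 52.64.10.1 is what routes the RDP
! session to the ASA in the first place.
access-list SPLIT-TUNNEL standard permit 192.168.104.0 255.255.255.0
access-list SPLIT-TUNNEL standard permit host 52.64.10.1
group-policy VPN-USERS attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL
!
! Hairpin out to the Internet: the decrypted packet arrives on outside and must leave
! on outside again. That is blocked by default, so enable intra-interface traffic...
same-security-traffic permit intra-interface
! ...and PAT the pool behind the outside interface address, so the AWS side sees the
! office public IP, the address its whitelist already admits.
object network vpn-network
 nat (any,outside) dynamic interface
```

The check a practitioner wants here: after this change, show xlate from a connected client should list a translation from 192.168.125.x to the outside interface address for port 3389 on 52.64.10.1. Note the security consequence as well: every authenticated VPN user now reaches 52.64.10.1 with the office address, so whatever filter on the AWS side admits the office IP admits them too; if only some users should get there, restrict it with a vpn-filter ACL on the group policy rather than relying on the remote whitelist.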
02-09-2016 08:39 PM
Thanks, this worked. :-)
Just curious to know: I hope my network is not exposed to the outside world by doing these configs and allowing access through the Internet?
Really appreciate all your help
Thanks
02-09-2016 08:50 PM
It is only exposed to VPN users who are already authenticated. So there is nothing to worry about with these changes.
01-25-2016 10:47 AM
Can you confirm in the log that it is a NAT or xlate problem?
Can you supply the current NAT ruleset and related objects, please?
01-20-2016 05:34 PM
Hi,
What is ip name-server for?
Also, how do I configure the DNS of the ISP?
I'm going to serve DHCP from the firewall itself, so clients should get the ISP's DNS from the firewall itself.
Thanks for the help.