VIP Advisor

You've obfuscated so much information I can't really help.  I don't know what IP addresses are used for what.

Is outside_cryptomap_1 or outside_cryptomap_2 the VPN to the cloud service?

Beginner

outside_cryptomap_2 is the VPN to the cloud

Thanks

VIP Advisor

I can't generate any config for you because there isn't enough information.

You need to extend outside_cryptomap_2 to include the pool used for VPN users, on both ends of the VPN.

You then need to create a rule saying not to NAT traffic between the two VPNs, and an access rule to allow it. 

Beginner

So, below are the networks I have

192.168.104.0/24 - Internal N/W

10.169.0.0/16 - Cloud N/W

192.168.125.1-192.168.125.10 (/24) - VPN Pool

Let me know if this info helps

Thanks

Beginner

Hi Philip,

Apparently, I figured out something and it worked. I think I didn't allow the VPN pool network object, hence the issue.

It's sorted.

Thanks a lot for all your help

Just a quick question: now, if we want to allow some other site-to-site VPN to remote users, is it the same process? Can we add multiple IPs?

Thanks a lot

Beginner

Hi Philip,

So, I got a problem :( 

Now, the VPN is working fine but the site-to-site VPN is not working. From the internal network I cannot ping any of the servers in the cloud, but strangely I'm able to connect once I VPN to the ASA.

Let me know what I messed up. Sorry to bug you again.

Thanks

VIP Advisor

I'm going to guess that the NAT rules are not correct.  Look in the log and generate some traffic.  When it is broken see if you are getting NAT or xlate errors.  That will confirm it.

Beginner

Hi Philip,

Everything is working fine. I need to go a bit deeper in this and allow the public IP of my AWS server to be accessed using the VPN.

So, let's say one of my SQL servers located in AWS has public IP 52.64.10.1 and I can access this server using my office WAP IP.

So now, if someone from outside does a VPN to the Cisco ASA, then they should be able to RDP to 52.64.10.1.

I know this has something to do with routing but I'm unable to figure out how.

Is this possible? Please let me know.

Thanks

VIP Advisor

Before we were talking about using the site-to-site VPN you have to Amazon.

If you want them to access it via your user-to-site VPN and then pop out over the Internet, then add the public IP addresses of your AWS servers to the split tunnel ACL.  You will also need to adjust your NAT configuration.

Beginner

Hi Philip,

I did add the server IP to the split tunnel ACL, but users are still unable to access the servers using the public IP.

Can you please share the config to adjust NAT.

Thanks

VIP Advisor

It will be something like (where vpn-network=an object representing your VPN users):

object network vpn-network
  nat (any,outside) dynamic interface
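As an added worked example (not the advisor's or the poster's configuration), this is how the pieces of advice in the thread fit together on an ASA 8.3+: the crypto ACL extension and NAT exemption from the earlier reply, the dynamic NAT above, and the split-tunnel change. The interface name "outside", the object and ACL names, the group-policy name and the vpn-filter are assumptions; the addresses are the ones posted in the thread.

```cisco
! Added worked example, not config from the thread. Assumed: both the site-to-site
! and the remote-access VPN terminate on "outside", the cloud peer uses crypto ACL
! outside_cryptomap_2, and all object/ACL/group-policy names below are invented here.

! Networks as posted in the thread
object network internal-net
 subnet 192.168.104.0 255.255.255.0
object network cloud-net
 subnet 10.169.0.0 255.255.0.0
object network vpn-network
 subnet 192.168.125.0 255.255.255.0
object network aws-sql-public
 host 52.64.10.1

! 1) Extend the site-to-site crypto ACL so pool traffic is "interesting" for the tunnel.
!    The cloud end needs the mirror entry (10.169.0.0/16 -> 192.168.125.0/24).
access-list outside_cryptomap_2 extended permit ip object internal-net object cloud-net
access-list outside_cryptomap_2 extended permit ip object vpn-network object cloud-net

! 2) Pool traffic enters and leaves the same interface (VPN in, VPN out): allow hairpinning.
same-security-traffic permit intra-interface

! 3) NAT exemption (identity twice-NAT, section 1) so pool <-> cloud is never translated.
nat (outside,outside) source static vpn-network vpn-network destination static cloud-net cloud-net no-proxy-arp route-lookup

! 4) Internet-bound traffic from VPN users (e.g. the AWS public IP) is PATed to the outside
!    address. Object NAT is section 2, so the exemption above still wins for cloud-net.
object network vpn-network
 nat (any,outside) dynamic interface

! 5) Split tunnel: only these destinations go through the tunnel; everything else
!    stays on the user's own Internet link.
access-list SPLIT_TUNNEL standard permit 192.168.104.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 10.169.0.0 255.255.0.0
access-list SPLIT_TUNNEL standard permit host 52.64.10.1
group-policy RA_POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL
 vpn-filter value RA_VPN_FILTER

! 6) Limit what authenticated VPN users can reach. Decrypted VPN traffic bypasses
!    interface ACLs while sysopt connection permit-vpn is on, so a vpn-filter is the
!    place to do it (source = VPN client, destination = resource). Implicit deny at the end.
access-list RA_VPN_FILTER extended permit tcp object vpn-network object aws-sql-public eq 3389
access-list RA_VPN_FILTER extended permit ip object vpn-network object cloud-net
access-list RA_VPN_FILTER extended permit ip object vpn-network object internal-net
```

Check with `show nat detail` and `show crypto ipsec sa` that pool-to-cloud hits the identity rule and is encrypted, while pool-to-52.64.10.1 hits the dynamic PAT and leaves in the clear.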
Beginner

Thanks this worked. :-)

Just curious to know: I hope my network is not exposed to the outside world by doing these configs and allowing access through the internet?

Really appreciate all your help

Thanks

VIP Advisor

It is only exposed to VPN users who are already authenticated.  So there is nothing to worry about with these changes.

VIP Advisor

Can you confirm in the log that it is a NAT or xlate problem?

Can you please supply the current NAT ruleset and related objects?

Beginner

Hi,

What is ip name-server for?

Also, how do I configure the ISP's DNS?

I'm going to serve DHCP from the firewall itself, so clients should get the ISP's DNS from the firewall itself.

Thanks for help
