Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi all,
I have a direct connection to a remote vendor from my ASA 5516 (9.5(2)) for a hosted web based application. I need to add an IP on my inside interface (192.168.2.26) to use for a PAT address to the vendor. This is the path:
Client (192.168....
Hello,
I'm in the process of replacing our ASA 5510 running 8.2 to a new 5516x running 9.5. I have about 25 L2L IPSEC VPNs currently configured. Instead of creating 25 "nat (inside,outside) lines for NAT exemptions, can I use object groups and a si...
I've got a remote site with two separate 5 Mbps MAN connections. I'm only using one of the connections and the other is a manual "swap the cable" backup. I need a VPN between sites. Could I setup two RV082 devices with a VPN on each WAN port and u...
Hi all,I've been tasked with putting printers at couple of remote locations not owned by our hospital. The locations have DSL and no IT staff. I was thinking about putting an ASA5505 (or 515 since I have a few lying around) on the printer setup as...
Hi all, I'm trying to add a second global address to my ASA 5510 (version 8.0(2)) for clients on a specific subnet. Since it's production I'd rather not experiment. I'd like anyone with a 10.255.255.x address to get the 172.16.0.1 (sanitized, obvio...
Hi Philip,
Yes, this is the replacement for the pre 8.3 nonat ACL so I don't want to nat these addresses. I was thinking for readability it would be easier having a single static nat line. Unfortunately, we're a hospital with the single ASA and can...
Hi ChristopherThanks for the quick reply. From what I've read in the manual and this forum, if I do protocol binding and one WAN link fails, I'll have to manually move the traffic to the working link. I'm trying to get as automatic as possible for ...
I figured out the problem. Your initial configuration was corrrect. Our web filter (Barracuda, inline between LAN and ASA) was was making it appear that all outgoing traffic was coming from the filter. What is strange is that when I looked at the ...
Hi Julio,I did clear xlate and clear local and even rebooted the firewall last night. Looking at the packet-tracer output (excellent tool BTW, will keep that one) it looks like the address should be translated correctly however when I go to a "wha...
Hi JulioThis is what I have now:global (OUTSIDE) 1 172.16.0.1global (OUTSIDE) 2 172.16.0.2nat (inside) 0 access-list nonatnat (inside) 2 10.255.255.0 255.255.255.0nat (inside) 1 0.0.0.0 0.0.0.0I"m still getting all traffic from the 10.255.255.0 netw...
