Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I wanted to see if something like this would work.The existing config works fine and works like so:access-list remoteT1_AL extended permit ip object-group remoteT1_NAT_local object-group remoteT1_NATglobal (local1) 30 10.3.90.55nat (local) 30 access-...
Thanks for the reply, they Crypto ACL doesn't match completely, because the remote VPN needs to access items on the local int as well as off of the local1 int. As far as leaving the additional hosts out I just figured it would be redundant to have 10...
object-group network INT_CHS network-object 172.28.26.0 255.255.255.0object-group network INT_NAT description local IP group for INT NAT network-object host 10.10.53.77object-group network remotet1_NAT_local description local hosts for remote T1 netw...
I apologize, the reason why I didn't was because there aren't any ACLs pertaining to the nat (public) 0 and a few others. Someone else threw them on the config for no reason I suppose? I dropped that statement and a few others.interface Ethernet0/0 n...
I did actually use a second public address for the standby ASA, but as it was mentioned before I don't think you don't need to. You can monitor whichever interfaces you want.i.e., the assigned internal address is the standby's own address until it ...
I'm running active/standby on 2 ASAs now and after you do the basic config for the primary, you in put 1 or 2 commands into a factory default of the secondary and it tells you that it has found a mate and the config is copying. Once its done there is...
