My company has tasked me with connecting two ASAs running 8.4, with public IP addresses, to VPN into one another's sites. My question is: I need to connect and configure two static public IP addresses to one another and test the connection between both ASAs running 8.4. I have been told that I need to twice NAT the two IPs to accomplish this task? In addition, I need to configure a static PAT to allow the public IP address to ports 80 and 443 for email only. My IPs are 192.168.100.5 to 192.168.100.6. They need to be static only; I set both to security-level 100.

Right now I am trying to test the configurations on one of our ASA 5510s in the lab and an Extreme Networks switch, before running them on our live network. So far, on the ASA, I configured the network objects as follows:

Ethernet 0/1
nameif Test
security-level 100
ip address 192.168.100.5/30
no shut

network object obj-inmapped-192.168.100.5
host 192.168.100.5
object network obj-outmapped-192.168.100.6
host 192.168.100.6
Nat (inside, outside) source static static obj-inmapped-192.168.100.5 source static destination obj-outmapped-192.168.100.6

The static PAT configuration:

object network obj_Test01_Pat-80
host 192.168.5.129
nat (inside, outside) static interface service tcp 80 80
object network obj_Test01_Pat-443
host 192.168.5.129
nat (inside, outside) static interface service tcp 443 443

Will this work in my test bed, or do I need to add more command statements to complete this task? This is my first time working with ASAs, this is a new job for me, and this could be a chance to prove myself to my boss. I would be very grateful for any help.

Thanks, newbie.
Hi,

Cisco ASA (and the older PIX firewall) aren't really the most user friendly devices to start out cold with. To even test the L2L VPN portion you would already need 2 ASAs or another VPN device to configure the L2L VPN.

To my understanding you want to do the following things:

- Connect 2 different sites with L2L VPN (LAN to LAN VPN)
- Also configure port forwarding for some web services on your local ASA

First of all, for L2L VPN configurations you will need to decide or find out the following things (unless there is already some existing L2L VPN?):

- VPN device public IP address for both devices
- Local networks on both sites for which you want to use the L2L VPN
- L2L VPN Phase1 and Phase2 parameters etc.

The configurations you mention above seem to be kinda strange. I'm not sure what you are trying to accomplish with the first one. Also, the object names don't match the object names used in the actual NAT commands.

The port forward configurations seem OK configuration format wise, but I'm not sure what the source IP addresses used in the configurations are (192.168.5.x), since in the previous one they are totally different. Naturally I might just be mistaken and you have 2 different subnets behind the ASA.

We would need a lot more information and clarification on the situation before we can give any instructions.

- Jouni
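How the three items listed in the reply above (peer public IP, local networks on each side, Phase 1/Phase 2 parameters) map onto ASA 8.4 syntax, as an added example that is not from either poster. Everything site-specific is an assumption: the interface names `inside`/`outside`, the LANs 10.1.1.0/24 and 10.2.2.0/24, the documentation-range peer address 203.0.113.2, the object, ACL and crypto map names, and the key placeholder.

```cisco
! Constructed example for one side (Site A); Site B mirrors it with
! the local/remote objects and the peer address swapped.
! Item 2: local networks on both sites (assumed subnets)
object network obj-siteA-lan
 subnet 10.1.1.0 255.255.255.0
object network obj-siteB-lan
 subnet 10.2.2.0 255.255.255.0
! Twice NAT (identity NAT) so LAN-to-LAN traffic is not translated
! before it is matched against the crypto ACL
nat (inside,outside) source static obj-siteA-lan obj-siteA-lan destination static obj-siteB-lan obj-siteB-lan
! Interesting traffic; the peer needs the mirror image of this ACL
access-list L2L-SITEB extended permit ip object obj-siteA-lan object obj-siteB-lan
! Item 3: Phase 1 (IKEv1) parameters, must match on both ASAs
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto ikev1 enable outside
! Item 3: Phase 2 (IPsec) parameters, must match on both ASAs
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
! Item 1: the remote VPN device's public IP (assumed 203.0.113.2)
crypto map OUTSIDE_MAP 10 match address L2L-SITEB
crypto map OUTSIDE_MAP 10 set peer 203.0.113.2
crypto map OUTSIDE_MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE_MAP interface outside
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 ikev1 pre-shared-key <PRE-SHARED-KEY-PLACEHOLDER>
```

Once traffic between the two LANs has been generated, `show crypto isakmp sa` and `show crypto ipsec sa` show whether Phase 1 and Phase 2 came up.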