Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I'm pretty familiar with setting up a VPN but a customer asked if we could NAT our servers to a range they provide and I'm not sure how this can be implemented.Here's our setup (sanitized):our side (10.1.1.0/24) <---> ASA <---> router <---> Internet ...
We're using an ASA 7.0 to establish L2L VPN tunnels and I'd always have the remote side initiate the tunnel (say pinging our server from one of the customer's server) but I can never get the tunnel to establish by initiating it on our side (pinging t...
We're using an ASA 7.0 to establish L2L VPN tunnels and I'd always have the remote side initiate the tunnel (say pinging our server from one of the customer's server) but I can never get the tunnel to establish by initiating it on our side (pinging t...
I have a L2L VPN tunnel from our ASA to a customer's Juniper Netscreen. The tunnel is up but whenever the SA time lifetime is reached, the tunnel resets itself (it drops the tunnel). It is able to re-establish itself automatically, but the customer...
From a host in our inside subnet, using active FTP we can connect to an FTP server out in the Internet but cannot get a list of files. Passive FTP works fine.I do have "fixup protocol ftp 21" which I thought is supposed to fix this very issue but I ...
That server streams data to our customers (including the one who wants the NAT).I tried removing the NAT statement, static (dmz,external) 10.1.1.11 10.1.1.11 255.255.255.255 via ASDM and it says:"The operaiton you are trying to perform will result in...
Hello Frederico,I do have that statement:static (dmz,external) 10.1.1.11 10.1.1.11 netmask 255.255.255.255It looks like all of our hosts have similar statements. I believe that is how ASA works - it does static NAT for all the hosts to pass traffic....
I'm still not quite clear on what I need to do.I was able to set up the access listaccess-list 150 permit ip host 10.1.1.11 host 10.1.3.31but when I tried to add the nat viastatic (dmz,external) 10.1.2.21 access-list 150I get:INFO: overlap with exist...
Hello Frederico,Thank you for replying.When you wrote: "Make sure there are no NAT 0 access-list statement for the above IPs.", did you mean all the ones involved?I do have a NAT 0 for the 10.1.1.0/24 subnet (defined as dmz):nat (dmz) 0 access-list d...
