Hi All, I have a question about NAT-T. Topology is below: ===VPN site1===ISP===NAT device===VPN site2==== PS: 1. The NAT device is provided by ISP (like TP-Link home edition) and I don’t have permission to manage it, such as allowing a specific UDP port...
Hi All, I have 2 little questions about NAT on ASA. 1. The postnat address at Static command cannot be the IP address of external interface directly? For example: If the Outside’s IP address is 100.1.1.1 and the static NAT entry is: Static (inside,outside...
I have two questions: The first question: I have made an ACL entry inactive for test. For example I set up an ACL: access-list out-in extended permit tcp host 2.2.2.2 host 1.1.1.1 eq telnet access-list out-in extended permit tcp host 2.2.2.2 host 1.1.1...
Thanks for your reply. I understand that two VPN sites will detect that there is a NAT device between them and use UDP 4500 for subsequent flow. What I am concerned about is the middle stupid PAT device that treats the subsequent VPN flow after negotiatio...
Hi Jennifer, Thanks for your reply. In this case, the two negotiating VPN sites use source and destination port as UDP 4500. In my opinion, the middle NAT device doesn't care about it. It just translates the source UDP port as usual, such as from UDP 4500 to ...
Hello malikyounas, Thanks for the reply. Your information about standard ACLs is very helpful. What I want to know is if I don't define Extended or Standard, it will be an extended ACL by default? Thanks in advance.
Hello Malikyounas, Sorry for another question: I found 2 parameters after access-list name: Extended and Standard. I noticed that if I didn't define this parameter and just write the source IP, Dest IP, Protocol and so on, when I use "show access-list",...