Upgrading from PIX (6.3) to an ASA 5515 (9.4). Went to make the switch the other day, and had to back out due to a specific application inside the DMZ not being able to reach an outside destination host. Here is the scenario: Src Host 172.16.10.10 behind DMZ inter...
Have an ASA5520 running 9.17 code. It currently has the following NAT statement in it:
object network obj-10.10.1.1
 nat (inside,DMZ) static 172.252.252.252
I have a need where I need this 10.10.1.1 host to be able to communicate with 2 specific hos...
I have a question on setting up a LAN-to-LAN VPN and whether or not existing routing will prevent the tunnel from working correctly. Here is the setup. Both local and remote firewalls are ASA 5520s (8.2). The local subnet will have its local encryp...
I need to set up an L2L IPsec tunnel between 2 ASA firewalls. The communication will be bi-directional. The encrypted traffic will consist of a single host in a DMZ communicating with a single remote host. Let's assume host A at site A is 10.10.10.20 a...
On an ASA running 8.2, the firewall is configured to PAT all inside networks when going out to the internet, to the interface of the outside firewall's interface. Setting up a new VPN, if I don't set up an ACL to bypass NAT, can the defined inside hosts in my ...
Thanks for the reply. I don't think the remote host has the ARP issue. I failed to mention that the remote host 192.168.1.1 is NOT located locally to the ASA's outside interface. In other words, it's a remote network that the ASA only reaches by send...
Thank you. That helps. One more follow up, I can do that same NAT and use a source subnet also, right? meaning if I decided I wanted everything on 10.10.1.0/24 subnet to NOT get translated when talking to 192.168.1.1 and 192.168.1.2, could I just cha...
Thanks very much for that help. One more question. What if I wanted to add a 2nd VPN tunnel, as my example above is for testing. Once that is set up, I also need to set up a 2nd VPN for production traffic. The local host at Site A will remain the same,...
"Personally if you are already doing PAT to a public IP I would just use that." So if I simply entered no NAT statements and built the VPN config as normal, then traffic from my local server would get NAT'd to the same PAT address (firewall's outside...