I have ASA5506-X running 9.16.4. Gi1/1 will be used as outside interface. Gi1/2 & Gi1/3 will be members of bridge group 1. Interface BVI1 will be used as inside interface. Does the following interface config look OK? Do I need to configure security level ...
I want to NAT single inside IP to multiple outbound IPs based upon the destination subnet. For example:
My appserver should be natted to 10.10.1.10 for packets tx/rx toward customer1
My appserver should be natted to 10.10.2.10 for packets tx/rx tow...
One of our customers wants to connect to us using a private link. Customer wants to have all the communications encrypted over this link. Customer had suggested GRE tunnel with IPSEC. MPLS provider will deliver an RJ45 link to us as well as towards our ...
I have Cisco ASA5506 running on 9.9. We have multiple L2L VPN tunnels going on. The PCI scan is failing because UDP port 500 is open for anyone. Few of the posts are talking about using the control-plane ACL. I have never used it, is the following co...
Hello, We are using ASA5506-X (9.9.2). We have a few policy-based IKEv1 tunnels and one route-based IKEv2 tunnel. I received a call this morning that the L2L VPN tunnel with one of our customers is down. I looked at the debug and found following entry in th...
Firewall is in routed mode. There is no natting involved. Packets will be forwarded between inside/outside interface without natting. Both inside and outside will be using same security level, access list will be used on both interfaces to police th...
Rich,
Appreciate your response, I had already gone through the article you posted but I could not comprehend it. I changed the access list to post-NAT IP in my lab setup and it worked.
Could you please elaborate? What are my options if I have to use NAT with IPSEC? I have done natting on vpn traffic various times, my experience is more on ASA. This is the first time, I have to deal with this stuff on a router.
Guys,
Appreciate all the help. One more question. I also have to apply the crypto map to the outside interface, let's say gi0/0.10. The crypto map ACL should include the pre-NAT source IP or post-NAT source IP?
MHM,
I have no doubt on your expertise. In fact, I have a great respect for you because I have benefited from your responses to various posts. This article explains the difference between access-list vs route-map and decided to use route-map based on t...