About shinakuma123

shinakuma123 · 08-31-2016

Hi Guys I have a ASA version 9.5 (2), supports EEM. I would like to configure EEM to reset a site to site VPN tunnel every 30 min, essentially the following commands to be run:Action 1 = Clear crypto isakmp saAction 2 = Clear cryptp ipsec sa peer x.x...

shinakuma123 · 07-10-2016

Hi All I have a pair of Failover ASA5520's, with the following interfaces:- Outside- Inside- WAN- Management Both the primary and secondary unit each have a physical connection to the other end device apart from the WAN interface. The WAN interface o...

shinakuma123 · 10-25-2015

HiAm trying to set up a S2S VPN on a ASA V8.0.I want to NAT 10.1.1.1 to 20.2.2.2 (due to IP conflict on the other end) then NAT-exempt this to go over the VPN to the remote subnet of 30.3.3.3 10.1.1.1 sits on "inside" interface, the VPN cryptomap i...

shinakuma123 · 09-27-2015

HiI have an ASA version 8.0 which am going to upgrade to V 8.4. I believe the NAT statements are different, can someone assist with what the NAT conversion code for the below ver8 NATs to 8.4 will be:global (MS-CLOUD) 20 10.10.10.1-10.10.10.63 netmas...

shinakuma123 · 09-19-2015

HiI have setup many site to site VPN's but never ran into a overlapping issue before, i need advice on configuration / resolution for the following: Site A (Our site - ASA 5505 Version 8.4)Local Subnets:10.10.105.0 /2410.20.105.0 /24 Site B (remote f...

shinakuma123 · 09-02-2016

thank you Joe. Is it a matter of just configuring the above in global configuration mode? and it will run from there forth or do I have manually tell the ASA to run the script somehow? Please let me know if anything else is required to do.

shinakuma123 · 10-25-2015

Jon, I dont think the policy NAT mentioned below is correct: "access-list policy-nat extended permit ip <realip/mask of siteA> <Mapped IP of remote end(siteB)> 255.255.255.0static (inside,outside) <Mapped IP of site A> access-list policy-nat" Am not...

shinakuma123 · 10-25-2015

I dont think this NAT is right, you mention: "access-list policy-nat extended permit ip <realip/mask of siteA> <Mapped IP of remote end(siteB)> 255.255.255.0static (inside,outside) <Mapped IP of site A> access-list policy-nat" Am not trying to NAT t...

shinakuma123 · 10-25-2015

Hi JonThanks again, I think your right, usually I do NAT exempt but thats with VPN's that are not being twice natt'd. Ok so its clear only the NAT is needed.Yes the current NAT is a PAT for all inside interface addresses to the public IP of the outsi...

shinakuma123 · 10-25-2015

Hi JonWell I need to NAT first because of the overlap on the remote end, then because its going over the VPN a NAT exempt also has to exsist right?The only other NAT currently is to translate inside interface to a public IP on the outside interface.....

Member Since	‎12-15-2014 05:09 PM
Date Last Visited	‎08-18-2017 06:46 PM
Posts	23

User Statistics

User Activity

EEM script on ASA 9.5

Failover ASA's and ISP connection issue.

ASA Pre 8.3 NAT then NO-NAT config

NAT conversion from ASA ver8.0 to 8.4(2)

Site to Site VPN - Conflicting subnet

thank you Joe.

Jon, I dont think the policy

I dont think this NAT is

Hi JonThanks again, I think

Hi JonWell I need to NAT