Hi Guys
I have an ASA version 9.5 (2), supports EEM.
I would like to configure EEM to reset a site to site VPN tunnel every 30 min, essentially the following commands to be run:
Action 1 = Clear crypto isakmp sa
Action 2 = Clear crypto ipsec sa peer x.x...
Hi All
I have a pair of Failover ASA5520's, with the following interfaces:
- Outside
- Inside
- WAN
- Management
Both the primary and secondary unit each have a physical connection to the other end device apart from the WAN interface.
The WAN interface o...
Hi
Am trying to set up a S2S VPN on an ASA V8.0. I want to NAT 10.1.1.1 to 20.2.2.2 (due to IP conflict on the other end) then NAT-exempt this to go over the VPN to the remote subnet of 30.3.3.3. 10.1.1.1 sits on "inside" interface, the VPN cryptomap i...
Hi
I have an ASA version 8.0 which am going to upgrade to V 8.4. I believe the NAT statements are different, can someone assist with what the NAT conversion code for the below ver8 NATs to 8.4 will be:
global (MS-CLOUD) 20 10.10.10.1-10.10.10.63 netmas...
Hi
I have set up many site to site VPN's but never ran into an overlapping issue before, I need advice on configuration / resolution for the following:
Site A (Our site - ASA 5505 Version 8.4)
Local Subnets:
10.10.105.0 /24
10.20.105.0 /24
Site B (remote f...
Thank you Joe.
Is it a matter of just configuring the above in global configuration mode? And it will run from there forth or do I have to manually tell the ASA to run the script somehow?
Please let me know if anything else is required to do.
Jon, I don't think the policy NAT mentioned below is correct:
"access-list policy-nat extended permit ip <realip/mask of siteA> <Mapped IP of remote end(siteB)> 255.255.255.0
static (inside,outside) <Mapped IP of site A> access-list policy-nat"
Am not...
I don't think this NAT is right, you mention:
"access-list policy-nat extended permit ip <realip/mask of siteA> <Mapped IP of remote end(siteB)> 255.255.255.0
static (inside,outside) <Mapped IP of site A> access-list policy-nat"
Am not trying to NAT t...
Hi Jon
Thanks again, I think you're right, usually I do NAT exempt but that's with VPN's that are not being twice natt'd. Ok so it's clear only the NAT is needed. Yes the current NAT is a PAT for all inside interface addresses to the public IP of the outsi...
Hi Jon
Well I need to NAT first because of the overlap on the remote end, then because it's going over the VPN a NAT exempt also has to exist right? The only other NAT currently is to translate inside interface to a public IP on the outside interface.....