I am trying to set up a VPN tunnel with one of our customers. We usually do all the NATing on a separate ASA, but for this tunnel we have to do it on the same ASA. Now from what I can tell, my traffic is being NATed, but the ASA does not seem to think it belongs in the tunnel. It is not being encrypted and is sent out the interface, but not the tunnel.
Here is the basic layout:
I have a protected DMZ. A server on that DMZ (192.168.6.5, or 192.168.6.6) connects to an internal NAT (192.168.6.34).
A dynamic policy hides the two servers (.5 and .6) behind an external IP address (10.10.10.5); the internal NAT has been statically NATed to the IP address of the customer server (100.100.100.100).
The VPN peer on the customer site (188.8.131.52) is configured.
Static route for 100.100.100.100 via 184.108.40.206 is configured on the ASA.
We also have an external IP address (10.10.10.6) that is exposed to the customer and statically NATed to internal server (192.168.6.10).
For this exposed IP address, the customer will always come in with the same IP (100.100.100.101), which is also NATed statically to (220.127.116.11).
Now when the customer is attempting to access the exposed IP address (10.10.10.6), the tunnel establishes correctly, but the return traffic is NOT put back into the tunnel.
I am not sure where I have gone wrong, but my rules seem to lead the ASA to believe the traffic does not belong in the tunnel.
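Added example, not part of the original post: a small Python model of the egress order the ASA applies on an interface that carries a crypto map, NAT first and then the crypto map ACL checked against the translated packet, using the addresses from the post. The ACL entries and the many-to-one source mapping for .5/.6 are assumptions made for illustration.

```python
import ipaddress

# Translations described in the post, modelled as egress real -> mapped.
# (Constructed from the post's addresses; the .5/.6 -> 10.10.10.5 entry
# stands in for the dynamic policy that hides both servers.)
SRC_NAT = {
    "192.168.6.5": "10.10.10.5",
    "192.168.6.6": "10.10.10.5",
    "192.168.6.10": "10.10.10.6",
}
DST_NAT = {
    "192.168.6.34": "100.100.100.100",
    "220.127.116.11": "100.100.100.101",
}

def translate(src, dst):
    """Apply the static/dynamic translations; unmatched addresses pass through."""
    return SRC_NAT.get(src, src), DST_NAT.get(dst, dst)

def acl_matches(acl, src, dst):
    """acl: list of (src_network, dst_network) permit entries in CIDR form."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(a) and d in ipaddress.ip_network(b)
               for a, b in acl)

def goes_into_tunnel(crypto_acl, src, dst):
    """Egress model: NAT is applied first, then the crypto map ACL is
    evaluated against the translated packet (assumed ASA behaviour)."""
    return acl_matches(crypto_acl, *translate(src, dst))

# Hypothetical crypto ACL written with the addresses the peer actually sees.
ACL_POST_NAT = [
    ("10.10.10.5/32", "100.100.100.100/32"),
    ("10.10.10.6/32", "100.100.100.101/32"),
]
# Hypothetical crypto ACL written with the real (pre-NAT) addresses: the
# translated packet never matches it, so the flow leaves the interface in clear.
ACL_PRE_NAT = [
    ("192.168.6.0/24", "192.168.6.34/32"),
    ("192.168.6.10/32", "220.127.116.11/32"),
]

if __name__ == "__main__":
    for src, dst in [("192.168.6.5", "192.168.6.34"), ("192.168.6.10", "220.127.116.11")]:
        print(src, "->", dst, "post-NAT ACL:", goes_into_tunnel(ACL_POST_NAT, src, dst),
              "pre-NAT ACL:", goes_into_tunnel(ACL_PRE_NAT, src, dst))
```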