08-23-2011 08:21 AM
I am deploying an ASA 5505 unit. It is connecting a Site to Site LAN but all the traffic needs to be "routed" on the "outside" network.
Example:
ASA 5505 LAN IP: 192.168.11.1
Tunnel: xxx.xxx.xxx.150 -> yyy.yyy.yyy.50 (Completed!)
Network Traffic: xxx.xxx.ccc.160 ---> yyy.yyy.yyy.50 (Traffic is working.)
Network Printing: yyy.yyy.yyy.50 ---> yyy.yyy.yyy.51 / tcp 9100 ( Connection denied, ... flags SYN on interface outside )
Printer NAT access: yyy.yyy.yyy.51 --> 192.168.1.254
Where / how do I solve this?
08-23-2011 10:29 AM
I don't think we got your question. Do you have the same subnet on both sides of the tunnel?
Could you share more about your configs? If the tunnel is up and working for some traffic but not for other, either your crypto ACL or your nonat ACL needs to be modified (assuming that internal routing is properly configured).
08-23-2011 10:59 AM
Okay, maybe my question is "vague."
My client needs to connect to another network completely "out" of their control (or mine.)
They have WAN IP addresses yyy.yyy.yyy.50 to 54 (subnet mask: 255.255.255.248) locally.
The remote "network" is first creating a tunnel between the "main" IP address "yyy.yyy.yyy.50" from "xxx.xxx.xxx.150." This completes successfully the IPSec connections.
Then, the "remote" network is sending network traffic from xxx.xxx.ccc.160 to yyy.yyy.yyy.50. This appears to be working as the "other" VPN administrator can "ping" the local PC's internal IP address of 192.168.11.110.
Here is the next step. The remote network then does not use the local "private" addresses to "route" to a printer (192.168.11.254.) They are sending the printer "traffic" between two external IP addresses (yyy.yyy.yyy.50 ---> yyy.yyy.yyy.51.) This is not working and the log is stating:
host/{ip port protocol}|printer/9100|Inbound TCP connection denied from host/52092 to printer/9100 flags SYN on interface outside.
(note: host is network object yyy.yyy.yyy.50 ---- printer is yyy.yyy.yyy.51 )
Then, I need to "port forward" correctly IP 9100 from yyy.yyy.yyy.51 to 192.168.11.254.