03-13-2017 12:51 PM
Hi guys, I wonder if someone could cast an eye over this and offer me some guidance.
Attached is a configuration for an existing ASA that sits in the local DC. Local range is 192.168.231.0/24, which NATs to 10.54.157.0/24. This address then routes into HQ to access various networks.
I'm adding a new PBX at an HQ office, 10.42.20.0/24.
Could someone please check this config and confirm that 10.54.157.0 would be able to reach 10.42.20.0?
Would really appreciate assistance.
Thanks
03-19-2017 04:51 PM
Hello,
It should work.
You have translated some hosts such as HELionSVR2 and VPNLion2 to 10.54.157 network statically and the rest by the following command.
nat (Inside,Outside) source dynamic any interface
You have configured a default route as well.
You have also permitted TCP traffic from inside to outside, which is unnecessary. It is allowed by default.
Do not forget to configure a return route on your HQ router toward 10.54.157.0/24.
Masoud
03-22-2017 11:30 PM
Excellent Masoud, thanks kindly. Hopefully one day I can see things as clearly as your explanations. Reading your reply made the configuration seem simple - thank you :-)
Would you mind casting your eye over the following please?
https://supportforums.cisco.com/discussion/13257321/cisco-pix-vpn-config
I'm not sure what ACLs on the PIX I need. Thanks in advance.