07-20-2017 02:22 PM
Remote VPN users aren't able to access the internal web server using the WAN IP of the internal servers. Do I have to make a NAT exempt or a U-turn?
07-20-2017 09:08 PM
Hi,
Can you share the show version of
Regards,
Aditya
Please rate helpful and mark correct answers
07-21-2017 08:17 AM
Sh version
Cisco Adaptive Security Appliance Software Version 8.2(5)
Device Manager Version 6.4(7)
Compiled on Fri 20-May-11 16:00 by builders
System image file is "disk0:/asa825-k8.bin"
Config file at boot was "startup-config"
PNIASA up 3 years 163 days
failover cluster up 4 years 127 days
Hardware: ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.05
0: Ext: GigabitEthernet0/0 : address is 503d.e5a2.77ca, irq 9
1: Ext: GigabitEthernet0/1 : address is 503d.e5a2.77cb, irq 9
2: Ext: GigabitEthernet0/2 : address is 503d.e5a2.77cc, irq 9
3: Ext: GigabitEthernet0/3 : address is 503d.e5a2.77cd, irq 9
4: Ext: Management0/0 : address is 503d.e5a2.77ce, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 150
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
SSL VPN Peers : 2
Total VPN Peers : 750
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials : Enabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
This platform has an ASA 5520 VPN Plus license.
I have the NAT for internal server
07-21-2017 09:14 AM
Hi,
You need to, first of all, add a deny statement on the NAT exempt statement to deny traffic from VPN users to the internal server.
This is because the interesting traffic is asked to be NAT exempted hence if we access the public IP we will not be able to
nat (outside) 1 x.x.x.x----Subnet of the VPN pool
global (outside) 1 interface
Regards,
Aditya
Please rate helpful and mark correct answers