11-18-2012 10:33 PM
My company has tasked me with connecting two ASA 8.4 with public IP addresses to VPN into one another's sites.
My question is I need to connect and configure two static public IP addresses to one another and test the connection between both ASAs running 8.4.
I have been told that I need to twice NAT the two IPs to accomplish this task?
In addition, I need to configure a static PAT to allow the public IP address to ports 80 and 443 for email only.
My IPs are 192.168.100.5 to 192.168.100.6. They need to be static only.
Right now I am trying to test the configurations on our one ASA 5510 in the lab and an Extreme Network switch, before running them on our live network. So far I have:
On the ASA, I configured the network objects as follows:
Ethernet 0/1
nameif Test
ip address 192.168.100.5/30
no shut
network object obj-inmapped-192.168.100.5
host 192.168.100.5
object network obj-outmapped-192.168.100.200
host 192.168.100.6
Nat (inside, outside) source static obj-outmapped-192.168.100.6 destination static obj-inmapped-192.168.100.5
The static PAT configuration:
object network obj_Test01_Pat-80
host 192.168.5.129
nat (inside, outside) static interface service tcp 80 80
object network obj_Test01_Pat-443
host 192.168.5.129
nat (inside, outside) static interface service tcp 443 443
Will this work in my test bed, or do I need to add more command statements to complete this task?
This is my first time working with ASAs, this is a new job for me, and this could be a chance to prove myself to my boss.
I would be very grateful for any help.
Thanks, newbie.
11-30-2012 04:54 AM
Hi,
Cisco ASA (and the older PIX firewall) aren't really the most user-friendly devices to start out cold with. To even test the L2L VPN portion you would already need 2 ASAs or another VPN device to configure the L2L VPN.
To my understanding you want to do the following things
First of all for L2L VPN configurations you will need to decide or find out the following things (Unless there is already some existing L2L VPN?)
The configurations you mention above seem to be kinda strange.
I'm not sure what you are trying to accomplish with the first one. Also, the object names don't match the object names used in the actual NAT commands.
The Port Forward configurations seem OK configuration format-wise, but I'm not sure what the source IP addresses used in the configurations are (192.168.5.x), since in the previous one they are totally different. Naturally I might just be mistaken and you have 2 different subnets behind the ASA.
We would need a lot more information and clarification on the situation before we can give any instructions.
- Jouni
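
The object-name mismatch pointed out in the reply above can be caught mechanically before a config is pasted into a live firewall. The Python check below is an added example, not part of the original thread or any Cisco tool: it runs over the NAT-related lines of the posted snippet and reports twice-NAT statements whose objects were never defined with `object network`, and it goes slightly further by flagging NAT interface names that have no `nameif` in the pasted text. The function name, keyword lists and findings wording are assumptions, and it only sees what is in the snippet.

```python
import re

# NAT-related lines copied from the question above, used as sample input.
POSTED = """\
nameif Test
network object obj-inmapped-192.168.100.5
host 192.168.100.5
object network obj-outmapped-192.168.100.200
host 192.168.100.6
Nat (inside, outside) source static obj-outmapped-192.168.100.6 destination static obj-inmapped-192.168.100.5
object network obj_Test01_Pat-80
nat (inside, outside) static interface service tcp 80 80
"""

# NAT syntax words that are not object names (assumed subset, not exhaustive).
KEYWORDS = {"source", "destination", "static", "dynamic", "interface", "any"}
STOP = {"service", "no-proxy-arp", "route-lookup", "unidirectional", "inactive"}

def check_nat_references(config):
    """Return sorted findings for a pasted ASA 8.3+ style config snippet."""
    defined, nameifs, findings = set(), set(), set()
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    for ln in lines:
        m = re.match(r"object(?:-group)? network (\S+)$", ln, re.I)
        if m:
            defined.add(m.group(1))
        m = re.match(r"nameif (\S+)$", ln, re.I)
        if m:
            nameifs.add(m.group(1).lower())
    for ln in lines:
        m = re.match(r"nat \(([^)]*)\)\s*(.*)$", ln, re.I)
        if not m:
            continue
        for ifc in (i.strip().lower() for i in m.group(1).split(",")):
            if ifc != "any" and ifc not in nameifs:
                findings.add(f"interface '{ifc}' has no nameif in this snippet")
        tokens = m.group(2).split()
        lowered = [t.lower() for t in tokens]
        if "source" not in lowered:
            continue  # object NAT: the line belongs to the enclosing object
        for tok in tokens[lowered.index("source") + 1:]:
            if tok.lower() in STOP:
                break  # trailing options and service objects follow
            if tok.lower() not in KEYWORDS and tok not in defined:
                findings.add(f"NAT references undefined object '{tok}'")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(check_nat_references(POSTED)))
```

On the posted lines it reports both objects named in the twice-NAT statement: one was defined under a different name (`...100.200`), the other was entered as `network object` rather than `object network`, so no object of that name exists.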