RE: VPN on an ASA with nor real IPs on its interfaces.

But I don't have access to the edge router, any other options!!

From: Piotr Matusiak [mailto:pitt2k_at_gmail.com]
Sent: Monday, March 14, 2011 1:46 AM
To: Amin
Cc: ccielab_at_groupstudy.com
Subject: Re: VPN on an ASA with nor real IPs on its interfaces.

In that case you should NAT on the edge router. In case of NAT on the ASA
this will trigger anti-spoofing behavior.

--
Piotr Matusiak
CCIE #19860 (R&S, Security), CCSI #33705
Technical Instructor
website: www.MicronicsTraining.com
blog: www.ccie1.com
"If you can't explain it simply, you don't understand it well enough" -
Albert Einstein
2011/3/13 Amin <amin_at_axizo.com>
Here the configuration
 
! 172.23.1.54 is the IP of the outside interface
static (outside,outside) 82.213.48.101 172.23.1.54 netmask 255.255.255.255
 
! I permit everything to this translated ip
access-list acl_in_inside extended permit ip any host 82.213.48.101
 
But it doesn't work?
 
Regards,                
Amin
 
 
From: Piotr Matusiak [mailto:pitt2k_at_gmail.com] 
Sent: Monday, March 14, 2011 12:13 AM
To: Amin
Cc: ccielab_at_groupstudy.com
Subject: Re: VPN on an ASA with nor real IPs on its interfaces.
 
Where do you want to translate? On ASA or on router? Either way should work.
Just configure static translation of ASA's outside IP and connect to that
Public IP address.
Regards,
--
Piotr Matusiak
CCIE #19860 (R&S, Security), CCSI #33705
Technical Instructor
website: www.MicronicsTraining.com
blog: www.ccie1.com
"If you can't explain it simply, you don't understand it well enough" -
Albert Einstein
2011/3/13 Amin <amin_at_axizo.com>
Hi experts,
How I configure an ASA for VPN if no real IPs assigned to any interface, I
have range of real that I can use for translation, but no reals to the
interfeaces.
How I can use one of these reals for the ASA privatesreal maping for itself.
Regards,
Amin
Blogs and organic groups at http://www.ccie.net