RE: VPN on an ASA with nor real IPs on its interfaces. from Amin on 2011-03-13 (Ccielab archives 03/2011)

From: Amin <amin_at_axizo.com>
Date: Sun, 13 Mar 2011 11:55:05 -0700

100% sure.

From: Piotr Matusiak [mailto:pitt2k_at_gmail.com]
Sent: Monday, March 14, 2011 1:54 AM
To: Amin
Cc: ccielab_at_groupstudy.com
Subject: Re: VPN on an ASA with nor real IPs on its interfaces.

Are you sure you have routing for 82.213.48.x network pointing to your ASA?

2011/3/13 Amin <amin_at_axizo.com>

But I don't have access to the edge router, any other options!!

From: Piotr Matusiak [mailto:pitt2k_at_gmail.com]
Sent: Monday, March 14, 2011 1:46 AM

To: Amin
Cc: ccielab_at_groupstudy.com
Subject: Re: VPN on an ASA with nor real IPs on its interfaces.

In that case you should NAT on the edge router. In case of NAT on the ASA
this will trigger anti-spoofing behavior.

--
Piotr Matusiak
CCIE #19860 (R&S, Security), CCSI #33705
Technical Instructor
website: www.MicronicsTraining.com
blog: www.ccie1.com
"If you can't explain it simply, you don't understand it well enough" -
Albert Einstein
2011/3/13 Amin <amin_at_axizo.com>
Here the configuration
 
! 172.23.1.54 is the IP of the outside interface
static (outside,outside) 82.213.48.101 172.23.1.54 netmask 255.255.255.255
 
! I permit everything to this translated ip
access-list acl_in_inside extended permit ip any host 82.213.48.101
 
But it doesn't work?
 
Regards,                
Amin
 
 
From: Piotr Matusiak [mailto:pitt2k_at_gmail.com] 
Sent: Monday, March 14, 2011 12:13 AM
To: Amin
Cc: ccielab_at_groupstudy.com
Subject: Re: VPN on an ASA with nor real IPs on its interfaces.
 
Where do you want to translate? On ASA or on router? Either way should work.
Just configure static translation of ASA's outside IP and connect to that
Public IP address.
Regards,
--
Piotr Matusiak
CCIE #19860 (R&S, Security), CCSI #33705
Technical Instructor
website: www.MicronicsTraining.com
blog: www.ccie1.com
"If you can't explain it simply, you don't understand it well enough" -
Albert Einstein
2011/3/13 Amin <amin_at_axizo.com>
Hi experts,
How I configure an ASA for VPN if no real IPs assigned to any interface, I
have range of real that I can use for translation, but no reals to the
interfeaces.
How I can use one of these reals for the ASA privatesreal maping for itself.
Regards,
Amin
Blogs and organic groups at http://www.ccie.net

Received on Sun Mar 13 2011 - 11:55:05 ART

This archive was generated by hypermail 2.2.0 : Fri Apr 01 2011 - 06:35:41 ART