Re: ASA - Cut-Through Proxy with Virtual Telnet and Dynamic

From: Joe Sanchez <marco207p_at_gmail.com>
Date: Sun, 5 Aug 2012 14:59:43 -0500

I'll post my configs so that if anyone else is looking to do something like
this in the future they might be able to use them.

Regards,
 Joe Sanchez

( please excuse the brevity of this email as it was sent via a mobile device.
Please excuse misspelled words or sentence structure.)

On Aug 5, 2012, at 1:17 PM, Piotr Matusiak <pitt2k_at_gmail.com> wrote:

> Hi Joe,
>
> You should have the 'outside' keyword to make Outside NAT work:
>
> nat (outside) 1 access-list CT-DYN-POLICY-NAT outside
>
> More hints:
> - ensure you have telnet access to 66.236.14.229 allowed in outside ACL
> - you do not need Virtual Telnet, your clients will be automatically asked
> for authentication while connecting to 66.236.14.229
> - this command 'ASA(config)# global (inside) 1 66.236.14.229' does not make
> any sense
> - you can use Outside PAT in this case, so instead you can use a command like
> 'global (in) 1 interface'
>
> HTH
>
> Regards,
> --
> Piotr Matusiak
> CCIE #19860 (R&S, Security), CCSI #33705
> Technical Instructor
> website: www.MicronicsTraining.com
> blog: www.ccie1.com
>
> “If you can't explain it simply, you don't understand it well enough” -
> Albert Einstein
>
>
> 2012/7/30 Joe Sanchez <marco207p_at_gmail.com>
> All,
>
> I've been breaking my head on this one for a while, and frankly I'm just
> out of ideas on how to get this to work. Please see if you have seen this
> done before, or if it's just impossible to do.
>
> I have a telnet server on the inside of the network with the IP address of
> 192.168.41.160. I want to allow users from the outside to telnet to this
> server, but they must be source NAT'd to a dynamic range I have chosen so
> that I can monitor and authenticate each user that is telnetting to this
> server from the outside. So, I've created a Virtual Telnet on the ASA, and
> I can get the users to authenticate to the ASA virtual telnet server, but I
> cannot get the users to hit a dynamic NAT and reach the internal Telnet
> server... When a user authenticates, their session just dies.
>
> Any help.... I can attach a Visio, and below are some of the configurations
> I've done without any luck other than what is posted above.
>
> 1). ASA(config)# virtual telnet 66.236.14.229
> 2). ASA(config)# access-list CT-DYN-POLICY-NAT extended permit tcp any gt
> 1024 host 66.236.14.229 eq telnet
> 3). ASA(config)# static (inside,outside) 66.236.14.229 192.168.41.9 netmask
> 255.255.255.255
> 4). ASA(config)# access-list CT-PROXY-AUTH extended permit tcp any host
> 66.234.14.229 eq telnet
> 5). ASA(config)# aaa authentication match CT-PROXY-AUTH outside LOCAL
> 6). ASA(config)# nat (outside) 1 access-list CT-DYN-POLICY-NAT
> ASA(config)# global (inside) 1 66.236.14.229
> ASA(config)# global (inside) 1 192.168.41.150-192.168.41.160
>
> Thanks,
> Joe Sanchez
>
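For readers who reach this thread later, the corrected configuration assembled from Piotr's hints, as an added example that is neither poster's own config. It assumes the telnet server is 192.168.41.160 as the first post states, a hypothetical outside interface ACL named OUTSIDE_IN, a placeholder local username, and the pre-8.3 ASA NAT syntax used in the thread.

```text
! Added example (not from the thread): ASA pre-8.3 cut-through proxy with
! outside dynamic PAT. Mapped 66.236.14.229 -> real 192.168.41.160 (assumed).
static (inside,outside) 66.236.14.229 192.168.41.160 netmask 255.255.255.255
!
! Outside interface ACL must permit telnet to the mapped address
! (OUTSIDE_IN is a hypothetical ACL name).
access-list OUTSIDE_IN extended permit tcp any host 66.236.14.229 eq telnet
access-group OUTSIDE_IN in interface outside
!
! Cut-through proxy: every outside telnet client is prompted for
! credentials and checked against the LOCAL database before the ASA
! builds the connection, so no "virtual telnet" is required.
access-list CT-PROXY-AUTH extended permit tcp any host 66.236.14.229 eq telnet
aaa authentication match CT-PROXY-AUTH outside LOCAL
username ct-user password <PLACEHOLDER-PASSWORD>
!
! Outside policy NAT: the trailing "outside" keyword is required for NAT
! applied on the outside interface. Outside clients are PATed to the inside
! interface address, so the inside server sees each session from the ASA.
access-list CT-DYN-POLICY-NAT extended permit tcp any host 66.236.14.229 eq telnet
nat (outside) 1 access-list CT-DYN-POLICY-NAT outside
global (inside) 1 interface
```

With PAT to the inside interface address, per-user accounting comes from the ASA's uauth table rather than from distinct source IPs; use a pool on the global line if the inside server must see separate addresses, keeping the server's own address out of that pool.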

Blogs and organic groups at http://www.ccie.net
Received on Sun Aug 05 2012 - 14:59:43 ART

This archive was generated by hypermail 2.2.0 : Sat Sep 01 2012 - 08:41:18 ART