Hello,
I am not a heads-down network guy, but I have set up a few firewalls, and have got them to do what I wanted, "eventually". But mostly through reading and trial and error.
I am struggling with this one, but I think I know the answer, but want to verify it with some experts.
We have a Cisco ASA 5505, with an internet connection with only one usable IP address (subnet 255.255.255.252). We/they have had a NAT set up for outgoing connections for some time, but I have been
Hello,
We have NAT set up on our equipment, just a plain vanilla internet connection. Here is the pertinent section of the running config.

!
interface Ethernet0/2
 nameif Etherpoint
 security-level 0
 ip address outside-ip 255.255.255.252
 ospf cost 10
!
object-group service terminal-services tcp
 port-object eq 3389
access-list Inside_access_in extended permit icmp any any
access-list Inside_access_in extended permit ip 192.168.125.0 255.255.255.0 any
access-list Inside_nat0_outbound extended permit ip 192.168.125.0 255.255.255.0 MobileVPN 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 MobileVPN 255.255.255.0 inactive
access-list Inside_nat0_outbound extended permit ip 192.168.125.0 255.255.255.0 any inactive
access-list Inside_nat0_outbound extended permit ip 192.168.125.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.125.0 255.255.255.0 192.168.14.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.125.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.125.0 255.255.255.0 192.168.101.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.125.0 255.255.255.0 192.168.253.0 255.255.255.0
access-list Haven_splitTunnelAcl_1 standard permit 192.168.125.0 255.255.255.0
access-list Etherpoint_access_in extended permit tcp host 192.168.125.8 eq 3389 any eq 3389
access-list Etherpoint_access_in extended permit tcp any eq 3389 host 192.168.125.8 eq 3389
access-list Etherpoint_access_in extended permit tcp any host 192.168.125.8 eq 3389
access-list Etherpoint_nat0_outbound extended permit ip host 192.168.125.8 host outside-ip
access-list Etherpoint_nat0_outbound extended permit ip host outside-ip host 192.168.125.8
ip local pool HavenVPN 192.168.253.1-192.168.253.254 mask 255.255.255.0
global (Etherpoint) 2 interface
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 2 192.168.125.0 255.255.255.0
nat (Etherpoint) 0 access-list Etherpoint_nat0_outbound outside
static (Inside,Etherpoint) tcp interface 3389 192.168.125.8 3389 netmask 255.255.255.255
no threat-detection statistics tcp-intercept
access-group Inside_access_in in interface Inside
access-group Etherpoint_access_in in interface Etherpoint
route Etherpoint 0.0.0.0 0.0.0.0 204.186.102.187 1

-------- Original Message --------
Subject: Re: Hello List, a easy Cisco question.
From: Dennis <[1]daodennis@gmail.com>
Date: Mon, July 11, 2011 12:39 pm
To: [2]bill@kruchas.com

On Mon, Jul 11, 2011 at 12:33 PM, <[3]bill@kruchas.com> wrote:
trying to

So your provider has your ASA behind a NAT or there is a NAT inside,outside statement on your ASA? Some more pieces of the configuration would be helpful here too.

Thanks,
Dennis O.

References
1. mailto:daodennis@gmail.com
2. mailto:bill@kruchas.com
3. mailto:bill@kruchas.com