Cisco asa 5505 NAT & ACL setup
  • Cisco asa 5505 NAT & ACL setup

    I have a client in need of an additional VPN tunnel to a new service provider. The tunnel setup itself is not an issue, but the NAT and ACL they have provided are. The ASA has a local network of 172.20.1.0 on the inside interface, and has VPN tunnels to remote sites at 172.20.2.0, 172.20.3.0 & 172.30.1.0, all of which are working normally. I have plenty of experience setting up the Cisco PIX series, so I was able to get through the ASA OK, but the NAT and ACL setup is new to me. Any help would be greatly appreciated.

    I have copied the specs provided by the vendor below:

    Traffic coming from the IIS server is considered our host. So any traffic going across the tunnel is initiated by your IIS server. XXX is expecting to see requests from the 172.24.209.0 255.255.255.0 so traffic coming from your network to the tunnel needs to be NATed (I think I made up a word there, sorry) to that address scheme. Please be sure the configuration is set up to send and receive traffic as well.


    XXX's endpoint is: XX.XX.XX.108

    XXX's network is: 192.168.50.0 (255.255.255.0)

    Clinic will need to make ACL from 172.24.209.3 to host 192.168.50.83 and 192.168.50.86

    Clinic will need to NAT interesting traffic to 172.24.209.0 255.255.255.0

  • #2
    Re: Cisco asa 5505 NAT & ACL setup

    Did you get this resolved? If so, can you detail how you set this up? I have a very similar set of instructions from vendor for a client of mine as well...

    • #3
      Re: Cisco asa 5505 NAT & ACL setup

      Again, it would be nice if this could get updated as complete. Anyone get this figured out yet?

      • #4
        Re: Cisco asa 5505 NAT & ACL setup

        Originally posted by alabamer
        Again, it would be nice if this could get updated as complete. Anyone get this figured out yet?
        Man, this was hard to figure out, as it seems most people have no idea how to NAT over VPN. Even the Cisco documentation and some of the "Power e-Books" that are available say that you can't do it.

        But it is possible and I'm happy to say that I figured it out. My company works for a lot of eMD's clients so this was an important thing to figure out for our clients.

        The configurations are all going to be unique per clinic, so if you need remote assistance to get this working for your practice, let me know.

        [email protected]

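The thread never shows a configuration, so here is one way the vendor's spec from the first post can be expressed on an ASA. This is an added example, not from any poster or from Cisco. It assumes pre-8.3 NAT syntax; `IIS_INSIDE_IP` is a placeholder for the IIS server's real 172.20.1.x address, and the ACL names, crypto map name, sequence number and test port are hypothetical.

```cisco
! Added example. Assumptions: ASA software older than 8.3 (static/nat 0 syntax);
! IIS_INSIDE_IP is a placeholder; XXX-POLICY-NAT, XXX-CRYPTO, outside_map and
! sequence 40 are hypothetical names. Transform set and tunnel-group lines are
! omitted because the tunnel itself is set up separately.

! 1. Static policy NAT: present the IIS server as 172.24.209.3, but only when
!    the destination is the vendor network 192.168.50.0/24. A static entry is
!    bidirectional, so replies and vendor-initiated traffic to 172.24.209.3
!    are untranslated back to the IIS server ("send and receive").
access-list XXX-POLICY-NAT extended permit ip host IIS_INSIDE_IP 192.168.50.0 255.255.255.0
static (inside,outside) 172.24.209.3 access-list XXX-POLICY-NAT

! 2. Crypto ACL: translation happens before the crypto map lookup, so the
!    interesting traffic is written with the translated source, limited to
!    the two vendor hosts named in the spec.
access-list XXX-CRYPTO extended permit ip host 172.24.209.3 host 192.168.50.83
access-list XXX-CRYPTO extended permit ip host 172.24.209.3 host 192.168.50.86

! 3. Attach the crypto ACL and the vendor endpoint to a new crypto map entry.
crypto map outside_map 40 match address XXX-CRYPTO
crypto map outside_map 40 set peer XX.XX.XX.108

! 4. Leave 192.168.50.0/24 OUT of the nat 0 (NAT exemption) ACL used by the
!    existing 172.20.2.0, 172.20.3.0 and 172.30.1.0 tunnels. NAT exemption is
!    evaluated before static NAT and would send the real 172.20.1.x source
!    into the tunnel, which the vendor side would reject.

! Verification from the ASA (destination port 443 is a constructed test value):
!   show xlate
!   show crypto ipsec sa peer XX.XX.XX.108
!   packet-tracer input inside tcp IIS_INSIDE_IP 1025 192.168.50.83 443
```

On 8.3 and later the same intent is written with object-based `nat (inside,outside) source static ... destination static ...` rules instead of `static` with an ACL.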