Announcement

Collapse
No announcement yet.

Newly Configured Cisco ASA causing LAN instability

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Newly Configured Cisco ASA causing LAN instability

    I have Cisco ASA 5512x i have configured A DMz and Remote access VPN, I can reach all my 12 branch offices on a site-to-site vpn using my ISP network. Also my remote access ipsec vpn is also working from the public internet, But since i introduce it my internal LAN has not been stable, it timeout very frequently. What is the cause.

  • #2
    Usually port forwarding can solve this problem and make remote user access both files on the DMZ and internal resources on the private network through that VPN connection. You can also check here for more detail if that does not work:
    http://windowsitpro.com/systems-mana...pn-connections

    Also, I am trying to determine which of these VPN's I can use, I have been referred to:
    ExpressVPN
    NordVPN
    NordVPN

    They seem to have a good review from here https://itday.com/vpn/best-vpn-services/. Has anyone had any experiences with them?
    Last edited by linda.shift; 15th August 2017, 09:10.

    Comment


    • #3
      i had ASA 5510 and i copied the configs to new ASA 5512 but some changes on the nat. everything works as in the ASA 5510 however my LAN is very unstable. user connection time-out to my LAN SERVERS and even remote users on the remote access vpn also experienced network time out.

      please below the changes on the nat. can anyone check if there is a problem on this statement that might cause my network instability
      .................................................. .................................................. .................................................. .................................................. .................................................. ...........
      arp timeout 14400
      no arp permit-nonconnected
      nat (inside,outside) source static any any destination static NETWORK_OBJ_192.16 8.17.0_25 NETWORK_OBJ_192.168.17.0_25 no-proxy-arp route-lookup
      !
      object network asy_server
      nat (outside,dmz) static 192.168.32.199
      object network HRIS
      nat (outside,inside) static 192.168.0.100
      object network ASY
      nat (outside,dmz) static 192.168.32.199
      object network BANKSRM
      nat (outside,dmz) static 192.168.32.15
      object network Hris
      nat (outside,inside) static 192.168.0.100 service tcp 3040 https
      object network Mails
      nat (outside,inside) static 192.168.0.99 service tcp 3000 https
      object network mails
      nat (inside,outside) static 192.168.0.99 service tcp 3000 https
      object network ob32-192.168.32.0
      nat (dmz,vpns) static 192.168.32.0
      object network obj-192.168.20.0
      nat (vpns,dmz) static 192.168.20.0
      object network obj-192.168.0.0
      nat (inside,vpns) static 192.168.0.0
      !
      nat (inside,outside) after-auto source dynamic any interface description PAT
      access-group outside_access_in in interface outside
      access-group inside_access_in in interface inside
      access-group 150 out interface inside
      access-group dmz_access_in in interface dmz
      access-group vpns_access_in in interface vpns
      !

      Comment

      Working...
      X