Newly Configured Cisco ASA causing LAN instability


This topic contains 2 replies, has 3 voices, and was last updated by  salorob 1 year, 4 months ago.


  • hardsoft
    Member
    #167147

    I have a Cisco ASA 5512x on which I have configured a DMZ and remote access VPN. I can reach all 12 of my branch offices over a site-to-site VPN using my ISP network. My remote access IPsec VPN is also working from the public internet. But since I introduced it, my internal LAN has not been stable; it times out very frequently. What is the cause?


    salorob
    Member
    #391848

    Usually port forwarding can solve this problem and let remote users access both files on the DMZ and internal resources on the private network through that VPN connection. You can also check here for more detail if that does not work:
    http://windowsitpro.com/systems-mana…pn-connections

    Also, I am trying to determine which of these VPNs I can use; I have been referred to:
    ExpressVPN
    NordVPN

    They seem to have a good review from here https://itday.com/vpn/best-vpn-services/. Has anyone had any experiences with them?


    toandxpc3
    Member
    #391638

    I had an ASA 5510 and I copied the configs to a new ASA 5512, but with some changes to the NAT. Everything works as on the ASA 5510; however, my LAN is very unstable. User connections to my LAN servers time out, and even remote users on the remote access VPN have experienced network timeouts.

    Please see below the changes to the NAT. Can anyone check whether there is a problem in these statements that might cause my network instability?

    arp timeout 14400
    no arp permit-nonconnected
    nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.17.0_25 NETWORK_OBJ_192.168.17.0_25 no-proxy-arp route-lookup
    !
    object network asy_server
     nat (outside,dmz) static 192.168.32.199
    object network HRIS
     nat (outside,inside) static 192.168.0.100
    object network ASY
     nat (outside,dmz) static 192.168.32.199
    object network BANKSRM
     nat (outside,dmz) static 192.168.32.15
    object network Hris
     nat (outside,inside) static 192.168.0.100 service tcp 3040 https
    object network Mails
     nat (outside,inside) static 192.168.0.99 service tcp 3000 https
    object network mails
     nat (inside,outside) static 192.168.0.99 service tcp 3000 https
    object network ob32-192.168.32.0
     nat (dmz,vpns) static 192.168.32.0
    object network obj-192.168.20.0
     nat (vpns,dmz) static 192.168.20.0
    object network obj-192.168.0.0
     nat (inside,vpns) static 192.168.0.0
    !
    nat (inside,outside) after-auto source dynamic any interface description PAT
    access-group outside_access_in in interface outside
    access-group inside_access_in in interface inside
    access-group 150 out interface inside
    access-group dmz_access_in in interface dmz
    access-group vpns_access_in in interface vpns
    !
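
Added example, not part of the thread and not written by any poster: a small Python check over the object NAT entries from the last post that involve the outside interface. It groups them by interface pair and mapped address and lists object names that differ only by letter case, so the entries a reviewer would compare side by side stand out. The function names are assumptions of this example; the config lines are copied from the post.

```python
import re
from collections import defaultdict

# Object NAT entries involving the outside interface, copied from the post above.
CONFIG = """\
object network asy_server
 nat (outside,dmz) static 192.168.32.199
object network HRIS
 nat (outside,inside) static 192.168.0.100
object network ASY
 nat (outside,dmz) static 192.168.32.199
object network BANKSRM
 nat (outside,dmz) static 192.168.32.15
object network Hris
 nat (outside,inside) static 192.168.0.100 service tcp 3040 https
object network Mails
 nat (outside,inside) static 192.168.0.99 service tcp 3000 https
object network mails
 nat (inside,outside) static 192.168.0.99 service tcp 3000 https
"""

OBJ_RE = re.compile(r"^\s*object network (\S+)")
NAT_RE = re.compile(r"^\s*nat \((\w+),(\w+)\) static (\S+)")

def parse_object_nat(text):
    """Return (object, real_if, mapped_if, mapped_ip) for each object NAT line."""
    rules, current = [], None
    for line in text.splitlines():
        if m := OBJ_RE.match(line):
            current = m.group(1)
        elif (m := NAT_RE.match(line)) and current:
            rules.append((current, *m.groups()))
    return rules

def shared_mappings(rules):
    """Objects that map to the same address on the same interface pair."""
    groups = defaultdict(list)
    for name, real_if, mapped_if, ip in rules:
        groups[(real_if, mapped_if, ip)].append(name)
    return {k: v for k, v in groups.items() if len(v) > 1}

def case_collisions(rules):
    """Object names that differ only by letter case."""
    seen = defaultdict(set)
    for name, *_ in rules:
        seen[name.lower()].add(name)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    print(shared_mappings(parse_object_nat(CONFIG)), case_collisions(parse_object_nat(CONFIG)))
```
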
