Hello List, a easy Cisco question.

bill at kruchas.com bill at kruchas.com
Mon Jul 11 20:16:00 UTC 2011


    Hello,

       We have NAT set up on our equipment, just a plain vanilla internet
   connection.

   Here is the pertinent section of the running config.



   !
   interface Ethernet0/2
    nameif Etherpoint
    security-level 0
    ip address outside-ip 255.255.255.252
    ospf cost 10
   !

   object-group service terminal-services tcp
    port-object eq 3389
   access-list Inside_access_in extended permit icmp any any
   access-list Inside_access_in extended permit ip 192.168.125.0 255.255.255.0 any
   access-list Inside_nat0_outbound extended permit ip 192.168.125.0 255.255.255.0 MobileVPN 255.255.255.0
   access-list Inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 MobileVPN 255.255.255.0 inactive
   access-list Inside_nat0_outbound extended permit ip 192.168.125.0 255.255.255.0 any inactive
   access-list Inside_nat0_outbound extended permit ip 192.168.125.0 255.255.255.0 192.168.1.0 255.255.255.0
   access-list Inside_nat0_outbound extended permit ip 192.168.125.0 255.255.255.0 192.168.14.0 255.255.255.0
   access-list Inside_nat0_outbound extended permit ip 192.168.125.0 255.255.255.0 192.168.100.0 255.255.255.0
   access-list Inside_nat0_outbound extended permit ip 192.168.125.0 255.255.255.0 192.168.101.0 255.255.255.0
   access-list Inside_nat0_outbound extended permit ip 192.168.125.0 255.255.255.0 192.168.253.0 255.255.255.0
   access-list Haven_splitTunnelAcl_1 standard permit 192.168.125.0 255.255.255.0
   access-list Etherpoint_access_in extended permit tcp host 192.168.125.8 eq 3389 any eq 3389
   access-list Etherpoint_access_in extended permit tcp any eq 3389 host 192.168.125.8 eq 3389
   access-list Etherpoint_access_in extended permit tcp any host 192.168.125.8 eq 3389
   access-list Etherpoint_nat0_outbound extended permit ip host 192.168.125.8 host outside-ip
   access-list Etherpoint_nat0_outbound extended permit ip host outside-ip host 192.168.125.8

   ip local pool HavenVPN 192.168.253.1-192.168.253.254 mask 255.255.255.0

   global (Etherpoint) 2 interface

   nat (Inside) 0 access-list Inside_nat0_outbound
   nat (Inside) 2 192.168.125.0 255.255.255.0
   nat (Etherpoint) 0 access-list Etherpoint_nat0_outbound outside
   static (Inside,Etherpoint) tcp interface 3389 192.168.125.8 3389 netmask 255.255.255.255

   no threat-detection statistics tcp-intercept
   access-group Inside_access_in in interface Inside
   access-group Etherpoint_access_in in interface Etherpoint

   route Etherpoint 0.0.0.0 0.0.0.0 204.186.102.187 1



   -------- Original Message --------
   Subject: Re: Hello List, a easy Cisco question.
   From: Dennis <[1]daodennis at gmail.com>
   Date: Mon, July 11, 2011 12:39 pm
   To: [2]bill at kruchas.com
   On Mon, Jul 11, 2011 at 12:33 PM, <[3]bill at kruchas.com> wrote:
   >   Hello,
   >
   >       I am not a heads down network guy, but I have set up a few
   >   firewalls, and have got them to do what I wanted, "eventually". But
   >   mostly through reading and trial and error.
   >
   >       I am struggling with this one, but I think I know the answer, but
   >   want to verify it with some experts.
   >
   >       We have a Cisco ASA 5505, with an internet connection with only one
   >   useable IP address (subnet 255.255.255.252). We/they have had a NAT
   >   setup for outgoing connections for some time, but I have been trying to

   So your provider has your ASA behind a NAT or there is a NAT
   inside,outside statement on your ASA?
   Some more pieces of the configuration would be helpful here too.
   Thanks,
   Dennis O.

References

   1. mailto:daodennis at gmail.com
   2. mailto:bill at kruchas.com
   3. mailto:bill at kruchas.com


