06-15-2010 05:37 PM - edited 03-04-2019 08:47 AM
Hi All,
I have an 1841 router connected with ADSL, and behind this router is connected an ASA5520 with a private IP address.
The ADSL router is configured with site-to-site VPN with 3 sites:
I want to configure remote client VPN with the ASA5520.
To do this I want to forward udp/500 and udp/4500 coming to the router's public IP to the ASA's private IP.
The problem is I want to forward requests coming from all public IPs except those connected to the router with site-to-site VPN.
I think it's possible with a route map, but I don't know how to configure it.
Can you help me please? Many thanks.
yoyo
06-16-2010 06:56 AM
An extended ACL - based on src/dst to block the L2L VPN, and forward everything else.
HTH
06-16-2010 07:45 AM
Hi,
That's what I did.
I created an ACL
access-list 120 deny ip host A.A.A.A any log
access-list 120 deny ip host B.B.B.B any log
access-list 120 deny ip host C.C.C.C any log
access-list 120 deny ip any host A.A.A.A log
access-list 120 deny ip any host B.B.B.B log
access-list 120 deny ip any host C.C.C.C log
access-list 120 permit ip any any log
and I created a route map
route-map map-forward permit 1
match ip address 120
and I created a NAT with
ip nat inside source static udp (asa private IP) 500 (ADSL public IP) 500 route-map map-forward extendable
The problem is that the ACL matches the last one, any any; I don't know why.
Any help?
06-16-2010 08:02 AM
It's because you have placed it in the wrong place for the wrong thing.
Post your config for review
06-16-2010 10:01 AM
06-16-2010 11:05 PM
Add "ip nat inside" under vlan 2 interface and test.
06-17-2010 03:16 AM
I added ip nat inside under vlan2
but it is still not working; as soon as I add the command:
ip nat inside source static udp (asa private IP) 500 (ADSL public IP) 500 route-map map-forward extendable
I lose connection with all sites connected to the router with site-to-site VPN.
06-18-2010 06:46 AM
Any help or suggestions, please?
06-18-2010 06:49 AM
Remove what I suggested; that will get it all back working.