I need to be able to access network resources on the outside from the Inside interface IP address. I have been unable to pass any traffic originating from the INSIDE interface address to anywhere on the outside of the network. Other INSIDE traffic is working fine, just the actual INSIDE interface IP. Specifically, I'm trying to set up LDAP for VPN logins and the INSIDE interface needs to contact the LDAP server which is on the OUTSIDE of the network. I am not using NAT.
The packet tracker says a "config implicit rule" is dropping the traffic but I can't find the offending rule....
Yes, trying to get ASA to talk directly to LDAP server. Yes, ASA is VPN connection point and I'm using Cisco VPN client. VPN is working fine now but I have to utilize LDAP for user accounts instead of the local ASA database.
I see (Kinda.) Just to understand, the traffic is blocked at some point going to the ldap server from your outside IP range? I'm not sure it will work like that without something to allow that traffic from you?
If the ldap server is on the outside, the aaa-server command would need to have (Outside) instead of (Inside) for it to connect. Otherwise, it will try to connect behind the inside interface for the ldap server.
Exactly! I was hoping the ASA could do this but it's not looking good. Although I don't understand why the INSIDE interface can't connect to outside resources when everything else on inside of the inside interface can.
Yeah, I think with this it's not so much the inside not connecting to outside resources, just those commands being interface centric so whatever interface is specified, is where the asa tries to connect via. Best of luck! Cheers.
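The interface binding discussed in the replies above, shown as an added configuration example that is not part of the original thread. The group name `LDAP_SRV`, the address 192.0.2.10, the DNs, the tunnel group `VPN_TG` and the Active Directory attributes are assumptions; the interface names follow the poster's INSIDE/OUTSIDE naming.

```cisco
! Constructed example: every name, address and DN below is a placeholder.
! Before: the host entry is bound to INSIDE, so the ASA looks for the
! LDAP server behind the inside interface.
aaa-server LDAP_SRV protocol ldap
aaa-server LDAP_SRV (INSIDE) host 192.0.2.10
!
! After: bind the host entry to the interface that faces the LDAP server.
no aaa-server LDAP_SRV (INSIDE) host 192.0.2.10
aaa-server LDAP_SRV (OUTSIDE) host 192.0.2.10
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ! Assumes an Active Directory backend
 ldap-naming-attribute sAMAccountName
 server-type microsoft
 ldap-login-dn CN=asa-bind,OU=Service,DC=example,DC=com
 ldap-login-password <bind-password>
 ! The bind credentials now cross the outside network: use LDAP over SSL
 ldap-over-ssl enable
 server-port 636
!
! Point the VPN tunnel group at the LDAP server group
tunnel-group VPN_TG general-attributes
 authentication-server-group LDAP_SRV
!
! Check the binding from the ASA itself before testing with a VPN client
test aaa-server authentication LDAP_SRV host 192.0.2.10 username <test-user> password <test-password>
```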