with some access-list to permit access to some services.
These two configurations worked well.
But I need to assign a public (legal) Internet address to the firewall because we need VPN remote access and VPN L2L with another office.
I don't know how to configure the firewall for this.
I tried making a static with the firewall inside interface and opening the access; with "debug icmp trace" I could see the test ICMP packets arrive at the inside interface, but the inside interface doesn't answer.
I just need to configure the firewall for VPN access... Any suggestions?
You would need to configure a static 1:1 translation for the ASA outside IP address (10.120.2.90) to one of your public IP addresses on the router in front of the ASA for VPN to work.
You can only terminate VPN on the outside interface of your ASA, as the outside interface is where the default gateway is, and since your outside interface is assigned a private IP address, you would need to configure a static translation on the router in front of the ASA for the ASA outside interface IP.
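The static 1:1 translation described in the reply above, as an added example that is not part of the original thread. It assumes the router in front of the ASA runs Cisco IOS; the interface names and the public address 203.0.113.10 are placeholders, and only 10.120.2.90 comes from the thread.

```cisco
! Added example: assumed IOS edge router in front of the ASA.
! 203.0.113.10 is a placeholder public address; interface names are assumptions.
interface GigabitEthernet0/0
 description Link to ISP (public side)
 ip nat outside
!
interface GigabitEthernet0/1
 description Link to ASA outside interface (10.120.2.90)
 ip nat inside
!
! 1:1 static: every protocol sent to 203.0.113.10 is forwarded to the ASA,
! which covers IKE (UDP 500), NAT-T (UDP 4500) and ESP (IP protocol 50).
ip nat inside source static 10.120.2.90 203.0.113.10
!
! Verify from exec mode:
!   show ip nat translations
```

Remote peers and VPN clients then use the public address as the VPN endpoint, while the crypto map stays applied to the ASA outside interface.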
Unfortunately, there is nothing much you can do if that is the case. The ASA does not support a virtual IP for VPN termination. Only an IOS router supports that, as you can configure a loopback interface for VPN termination, but not on the ASA.
VPN on the ASA needs to be terminated on the interface connected to the Internet, and in your case, it's the outside interface. The only way is to ask your ISP to change the private IP subnet link between the ASA outside interface and the ISP to a public IP subnet so it's routable.