I need to monitor the SSL VPN service on the external interface of an ASA5580 running version 9.1.2 from Nagios in the internal network. Is it possible to allow traffic to one interface that comes from another interface?
All my interfaces have security-level 0, no nat-control, and the same-security permit intra-interface and inter-interface commands are applied.
Another question. My external interface has a private address and I need to monitor a public IP with SLA for route tracking. Is it possible to do NAT over a public IP when traffic is originated on the ASA?
To my understanding, there is no supported way of enabling a host behind one interface to access another interface of the ASA, which is what you seem to be asking.
I have only found an old document that states this limitation:
"Note: For security purposes the security appliance does not support far-end interface ping, that is, pinging the IP address of the outside interface from the inside network."
I guess you would have to somehow make a connection for the network monitoring past the ASA (and NATting the source IP address of the monitor server) so the server could reach the external interface while actually connecting to it through that ASA's external interface rather than an internal interface. Naturally this would mean implementing a network setup that might probably be ideal when trying to keep the environment simple.
In the other question I presume you mean is it possible to NAT the actual interface IP address of the ASA? To my understanding this is not possible.
But if your actual firewall is behind another NAT device (as it's using a private IP address on its external interface), then is there a need to do anything special on this firewall? Wouldn't the device in front of the ASA handle the required NAT for the ASA to be able to monitor remote hosts for the purpose of tracking?