We moved from an AS500 to an ASA5500 and are having an issue with port forwarding and VPN
When we moved from our old AS500 to the new ASA5505, we did not have an issue getting up and running as far as internet and email access goes. What we are having an issue setting up is with our port forwarding for our IP Phone systems and IPsec VPN.
I have attached our current running config to see if anyone might be able to spot the solution to the issues we are having. I am sure it is something simple that we missed when setting up the rules.
Make the above configurations for every port you need. Notice that a single "object" can only hold a single "nat" configuration, so each Static PAT configuration requires its own "object". If there are several ports forwarded to a single server, I personally tend to create an additional "object" that just contains the internal server IP address and use that in the external interface ACL rules to allow connections. I do this to avoid having to use multiple differently named "objects" in the ACL, even though it would be possible to use the "object" created in the above NAT configurations.
With regards to the VPN connections, what are you trying to accomplish?
There are several configurations under the Default groups which I would avoid doing. There are also Hardware client configurations, L2L VPN configurations and VPN Client configurations on the ASA.
I would suggest clearing these configurations IF they are not required. In the case of the Default Group configurations you might need to just remove the configurations under those "group-policy" and "tunnel-group" configurations. I don't think you can even remove the actual groups as they are the default ones.
After this I would simply suggest that you log into the ASA with ASDM and run the Wizard for the VPN Client configuration (if that is what you are after) and use it to create a basic IPsec VPN Client configuration (or SSL VPN if you have the required software).
After that is done we can take a look at the configurations again if VPN connections are not working.
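The per-port object layout described in the reply above, as an added example that is not part of the original thread or the poster's configuration. It assumes ASA software 8.3 or later (object NAT); the addresses, ports, object names, ACL name and the inside/outside interface names are all constructed for illustration.

```cisco
! Constructed values: server 192.168.1.10, provider range 203.0.113.0/24,
! interface names inside/outside, ACL name OUTSIDE-IN. Assumes ASA 8.3+.

! One object per forwarded port, because an object holds only one "nat" line.
object network PHONE-SIP-UDP-5060
 host 192.168.1.10
 nat (inside,outside) static interface service udp 5060 5060
object network PHONE-SIP-TCP-5061
 host 192.168.1.10
 nat (inside,outside) static interface service tcp 5061 5061

! Extra object with no "nat" line, used only in the ACL.
object network PHONE-SERVER
 host 192.168.1.10

! Source limited to the provider range instead of "any".
object network SIP-PROVIDER
 subnet 203.0.113.0 255.255.255.0

! In 8.3 and later the ACL references the real (internal) address.
access-list OUTSIDE-IN extended permit udp object SIP-PROVIDER object PHONE-SERVER eq 5060
access-list OUTSIDE-IN extended permit tcp object SIP-PROVIDER object PHONE-SERVER eq 5061
access-group OUTSIDE-IN in interface outside
```

`show nat detail` and `show access-list OUTSIDE-IN` report translation and ACL hit counts, which show whether inbound traffic is matching the rules.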
That worked a treat! iPhone connected straight away, Windows PC also connected. Now to find out why the Apple MacBook Air doesn't connect. I think it is a configuration setting on the MacBook that is the issue.