Old setup: our existing setup is a 5510 with remote access VPN through a DSL link. This was done because we did not have the facility hooked into our campus LAN. Now we have the fiber in and the facility is set up on the local LAN. We want to decommission the VPN setup.
Well and good.
New setup: there will be about 10 internal devices (172.x.x.x) with 10 individual static NAT addresses configured on the 5510.
This way, all users on our local LAN can get to the 10 devices.
BUT, we only want certain LAN users to get to those devices. Those users will have various IP addresses because their desktops are set for DHCP. So how do I control access through the 5510?
The users would not mind if an extra username/passwd box popped up whenever they tried to access the internal 10 devices. Is there a way to do this?
Re: How to set up NAT with ACLs/restricted access.
If you have a Win2k or 2k3 server, you can install Internet Authentication Server (IAS); it's MS's free RADIUS implementation. I've set it up for both administrative access and remote VPN access. And this way, you can use Active Directory accounts with it as well.
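One way the 5510 could use such a RADIUS server to prompt for a username and password before traffic reaches the NATed devices is the ASA's cut-through proxy (`aaa authentication match`). This is an added example, not part of the original posts. The interface name `outside` for the campus LAN side, the group and ACL names, the 192.0.2.x addresses and the shared secret are placeholders and assumptions.

```cisco
! Constructed example: every name, address and key below is a placeholder.
! Assumption: campus LAN users and the IAS server sit on the interface
! named "outside"; the 10 devices sit behind the ASA with static NAT.

! 1. Define the RADIUS server group and point it at the IAS server.
aaa-server IAS_RADIUS protocol radius
aaa-server IAS_RADIUS (outside) host 192.0.2.10
 key <shared-secret>

! 2. Select the traffic that must authenticate first. Source is "any"
!    because the users' desktops get DHCP addresses; the user identity,
!    not the source IP, is what gets checked.
!    Assumption: a pre-8.3 image, where ACLs reference the static NAT
!    (mapped) address. On 8.3 and later use the real 172.x.x.x address.
access-list DEVICE_AUTH extended permit tcp any host 192.0.2.101 eq www
access-list DEVICE_AUTH extended permit tcp any host 192.0.2.101 eq https
access-list DEVICE_AUTH extended permit tcp any host 192.0.2.102 eq www
access-list DEVICE_AUTH extended permit tcp any host 192.0.2.102 eq https
! ...repeat for the remaining devices...

! 3. Require authentication against IAS for matching traffic that
!    arrives on the campus-facing interface.
aaa authentication match DEVICE_AUTH outside IAS_RADIUS

! 4. Protect the credentials the browser sends to the ASA for HTTP
!    sessions (they would otherwise cross the LAN in clear text).
aaa authentication secure-http-client

! 5. Force re-authentication after a fixed period so a cached login
!    does not outlive the DHCP lease that earned it.
timeout uauth 0:30:00 absolute

! Verification (exec mode):
!   test aaa-server authentication IAS_RADIUS host 192.0.2.10 username <user> password <pass>
!   show uauth
```

The interface ACL must still permit the same traffic, since authentication is checked in addition to it. The ASA prompts directly only for HTTP, HTTPS, FTP and Telnet, and which Active Directory accounts are accepted is decided by the policy on the IAS side.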