TCP PAT from inside:10.10.10.224 443-443 to outside:100.100.100.1 4443-4443
So now when I try to connect to the Juniper SA with a browser on the outside network (https://100.100.100.1:4443), at first I get a certificate warning from the self-signed certificate on the Juniper SA, and when I click OK I get this weird message:
If you get to the Juniper in the first place, then the ASA has no knowledge of what is happening inside the HTTPS session. If you land later on the ASA, then it's very likely that the Juniper has sent a redirect to the browser, or you are just following a link that has the port TCP/443 in it. Possible ways to solve that:
Use a different public IP on the ASA so that you don't have to translate the port.
Let AnyConnect run on a non-standard port and configure the NAT for the Juniper without PAT, so that TCP/443 is used exclusively for the Juniper.
Tell the Juniper that the public port is different to the local port. But I have no idea if that is possible.
Not all the options are feasible or wanted, because:
1) Because it's a lab on ADSL, only 1 public IP address is allowed by the provider
2) I tested option 2 and it worked, but it's not really what I want, because AnyConnect is used to provide access to the lab, and we want this to be the standard solution. We only want to test the Juniper SA. So I restored the original situation.
3) Change the port on the Juniper.... right, you think it's easy and a quick solution, but unfortunately I don't think it's possible. http://forums.juniper.net/t5/SSL-VPN/Change-SSL-port/td-p/22841
Other users on this Juniper forum experienced the same issue, but not a real solution so far.... hmm I think we can better hang on to Cisco :)
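The reply above points at the likely cause: once the browser is past the ASA, the Juniper answers inside the TLS session, and any redirect or absolute link it emits carries its own port (443), which on the public IP is the ASA's own SSL listener rather than the PAT entry for 4443. The following check, an added example that is not from the thread or from either vendor, resolves a `Location` header the way a browser would and reports whether the resulting host:port still falls inside the single PAT mapping quoted at the top of the thread. The `Location` values and paths in the sample are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

# The PAT from the thread: outside 100.100.100.1:4443 -> inside 10.10.10.224:443.
# Nothing else on 100.100.100.1 is forwarded, so other ports (443 included)
# terminate on the ASA itself.
PAT_PUBLIC = ("100.100.100.1", 4443)

DEFAULT_PORTS = {"https": 443, "http": 80}


def effective_port(parts):
    """Port a browser would use: explicit port, else the scheme default."""
    if parts.port is not None:
        return parts.port
    return DEFAULT_PORTS.get(parts.scheme)


def redirect_target(request_url, location):
    """Resolve a Location header (relative or absolute) against the request URL."""
    target = urljoin(request_url, location)
    parts = urlsplit(target)
    return parts.hostname, effective_port(parts), target


def redirect_escapes_pat(request_url, location, public=PAT_PUBLIC):
    """Return a dict describing where the redirect lands and whether it leaves
    the PAT mapping. A redirect that lands on the public IP but on a port the
    ASA does not forward is what produces the 'wrong device answers' symptom."""
    host, port, target = redirect_target(request_url, location)
    escapes = (host, port) != public
    if not escapes:
        reason = "stays on the translated port; reaches the inside server"
    elif host == public[0]:
        reason = "same public IP but port %s is not forwarded; ASA answers" % port
    else:
        reason = "points at a different host entirely"
    return {"target": target, "host": host, "port": port,
            "escapes_pat": escapes, "reason": reason}


def scan_redirects(request_url, locations, public=PAT_PUBLIC):
    """Run the check over several observed Location headers; return only the
    ones that would escape the PAT."""
    results = [redirect_escapes_pat(request_url, loc, public) for loc in locations]
    return [r for r in results if r["escapes_pat"]]


if __name__ == "__main__":
    # Constructed sample headers: one relative, one absolute with the server's
    # own (untranslated) port, one absolute that keeps the public port.
    request = "https://100.100.100.1:4443/"
    samples = [
        "/login",
        "https://100.100.100.1/welcome",
        "https://100.100.100.1:4443/welcome",
    ]
    for r in scan_redirects(request, samples):
        print("%s -> %s" % (r["target"], r["reason"]))
```

Run it against the `Location` headers captured from the browser's developer tools (or a proxy) during the failing login; a hit in `scan_redirects` confirms the redirect explanation before any NAT change is attempted, and the same function can be re-run after the change to check that the mapping now covers every redirect the appliance emits.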