Background: Originally I had this set up without the route-map Nonat1 on the ip nat inside statements. With this, if I VPNed in to the network and tried to use one of the services that were translated, they would not work because I would get replies from the external IP address.
For instance - I would VPN in and telnet to the 192.168.100.213:1352 and if I were capturing with wireshark I would get the external address response in the TCP handshake because it was being translated and it would fail. During my VPN connection I could telnet to the external address x.x.x.1:1352 without issue.
I added the route-map and solved the issue, bypassing those translations for the VPN net. My question is, is the way I did it the best way to do it or is there another way?
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
logging message-counter syslog
enable secret 5 $1$iWHZ$kARifwBMTrEjbscna8v.X/
aaa authentication login default local
aaa authentication login vpn_xauth_ml_1 group radius local
aaa authentication login sslvpn local
aaa authentication login userauthen group radius local
aaa authorization exec userauthen group radius local
aaa authorization network vpn_group_ml_1 group radius local
aaa authorization network LEF-VPNGrp group radius local
aaa authorization network groupauthor local
aaa authorization network userauthen group radius local
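The route-map bypass described in the post, sketched as an added illustration; this is not the poster's actual configuration, which the page does not show. The ACL name NONAT-VPN and the VPN client pool 10.10.10.0/24 are assumptions, and x.x.x.1 is the elided external address exactly as the post writes it.

```cisco
! Assumed VPN client pool: 10.10.10.0/24 (not given in the post).
! Before: unconditional static translation. Replies from the server to
! VPN clients are also rewritten to x.x.x.1, so the client sees the
! SYN-ACK arrive from an address it never connected to.
!   ip nat inside source static tcp 192.168.100.213 1352 x.x.x.1 1352 extendable
!
! After: the route-map decides which flows the static entry applies to.
ip access-list extended NONAT-VPN
 remark Server-to-VPN-pool traffic must NOT be translated
 deny   ip host 192.168.100.213 10.10.10.0 0.0.0.255
 remark Everything else from the server is still translated
 permit ip host 192.168.100.213 any
!
route-map Nonat1 permit 10
 match ip address NONAT-VPN
!
ip nat inside source static tcp 192.168.100.213 1352 x.x.x.1 1352 route-map Nonat1 extendable
!
! Checks from exec mode:
!   show route-map Nonat1
!   show ip nat translations
```

The deny entry should cover only the VPN pool: a broader match would also stop translation for Internet clients and break the published service.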