ISP -> Router 2911 (four VLANs) -> Switch 2960. There has been an ASA 5510 sitting around for some time now; the end goal for the ASA setup is to have it set up as a site-to-site VPN as well as a remote access VPN. What I am trying to determine is how I would place the ASA behind the router. Right now I have it set up and plugged into the switch, so would I NAT the private IP of the ASA to one of my public IPs?
Also, does anyone know where I can find a good guide on configuring VPN to authenticate against AD without using ASDM?
You have to statically NAT the ASA, translating the private IP address to a public one, as it should be accessible from outside. On the router you should have the following ports opened in the inbound access list:
UDP 500 ISAKMP
UDP 4500 NAT Traversal
Now, regarding the LDAP example, please see the following:
Thanks, the LDAP works perfectly; my firewall now does LDAP authentication! But maybe I'm missing something on the side of the VPN setup on the firewall, and I've got it statically mapped via the router. But when I open up my VPN client it's still not connecting to the gateway; I get "peer not responding". Any ideas?
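The router-side static NAT and inbound permits described in the reply above, with checks that help when the client reports "peer not responding". This is an added example, not configuration posted in the thread; every address, interface name and the ACL name is an assumed placeholder.

```cisco
! Added example for the 2911 (IOS). Assumed placeholders:
!   192.0.2.10    public IP chosen for the ASA (documentation range)
!   192.168.10.2  private IP of the ASA interface facing the router
!   Gi0/0 = WAN to ISP, Gi0/1 = LAN toward the 2960 and the ASA
!   OUTSIDE-IN = inbound ACL assumed to already exist on the WAN interface
!
interface GigabitEthernet0/0
 ip nat outside
 ! assumed already applied; shown so the direction is explicit
 ip access-group OUTSIDE-IN in
!
interface GigabitEthernet0/1
 ip nat inside
!
! One-to-one static NAT: private ASA address <-> public address
ip nat inside source static 192.168.10.2 192.0.2.10
!
! The inbound ACL on the outside interface is evaluated before the
! outside-to-inside translation, so the entries match the PUBLIC
! address, not 192.168.10.2. New entries are appended at the end of a
! named ACL; an earlier deny that matches this traffic still wins.
ip access-list extended OUTSIDE-IN
 remark IKE (ISAKMP) to the ASA
 permit udp any host 192.0.2.10 eq isakmp
 remark IPsec NAT Traversal to the ASA
 permit udp any host 192.0.2.10 eq non500-isakmp
!
! Checks from exec mode while a client is trying to connect:
!   show ip nat translations
!     expect a static entry: inside local 192.168.10.2,
!     inside global 192.0.2.10
!   show ip access-lists OUTSIDE-IN
!     the match counters on the two permit lines should increase;
!     if they stay at zero, the client's packets are not arriving at
!     the public address or an earlier ACL line is dropping them
```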