11-24-2013 12:55 PM
Hi All,
We have a working site-to-site VPN between 2 locations. Basically, site A is only accessing servers at site B. There is no access back to site A from site B.
Now there is a requirement to access a server at site A from site B.
Please find below the specific current configuration at site A & planned new configs.
Current VPN configuration at site A ASA
ASA Version 8.3(1)
==============
object network hsdp_vpn_ip
host 84.*.*.90
description hsdp vpn ip
object-group network lsdp_svr
network-object host 212.*.*.*
network-object host 212.*.*.*
network-object host 212.*.*.*
network-object host 212.*.*.*
network-object host 212.*.*.*
network-object host 212.*.*.*
network-object host 212.*.*.*
network-object host 212.*.*.*
network-object host 212.*.*.*
network-object host 212.*.*.*
network-object host 212.*.*.*
object-group network m4com_svr
network-object host 10.10.2.11
network-object host 10.10.2.12
network-object host 10.10.2.13
network-object host 10.10.2.14
network-object host 10.10.2.16
network-object host 10.10.2.17
network-object host 10.10.2.18
access-list DMZ_access_in extended permit ip any any
access-list l2l_list extended permit ip host 84.*.*.90 host 212.*.*.*
access-list l2l_list extended permit ip host 84.*.*.90 host 212.*.*.*
access-list l2l_list extended permit ip host 84.*.*.90 host 212.*.*.*
access-list l2l_list extended permit ip host 84.*.*.90 host 212.*.*.*
access-list l2l_list extended permit ip host 84.*.*.90 host 212.*.*.*
access-list l2l_list extended permit ip host 84.*.*.90 host 212.*.*.*
access-list l2l_list extended permit ip host 84.*.*.90 host 212.*.*.*
access-list l2l_list extended permit ip host 84.*.*.90 host 212.*.*.*
access-list l2l_list extended permit ip host 84.*.*.90 host 212.*.*.*
access-list l2l_list extended permit ip host 84.*.*.90 host 212.*.*.*
access-list l2l_list extended permit ip host 84.*.*.90 host 212.*.*.*
nat (DMZ,outside) source dynamic m4com_svr hsdp_vpn_ip destination static lsdp_svr lsdp_svr description pat rule to lsdp services
===========================================
Planned configuration for new requirement at site A ASA
==================================
object network kftp_svr
host 10.10.2.50
object network kftp_trans
host 84.*.*.160
object-group network mftp_clt0
network-object host 212.*.*.152
network-object host 212.*.*.153
network-object host 212.*.*.154
network-object host 84.*.*.150
network-object host 84.*.*.151
access-list l2l_list extended permit ip host 84.*.*.160 object-group mftp_clt0
nat (DMZ,outside) source dynamic kftp_svr kftp_trans destination static mftp_clt0 mftp_clt0
To facilitate server access to site A from site B, will the above planned configs work? Or should I change the NAT as below, or does anything else need to be added?
nat (DMZ,outside) source static kftp_svr kftp_trans destination static mftp_clt0 mftp_clt0
Please let me know.
Thanks
11-24-2013 02:32 PM
Hi,
Could you please respond to this? I hope I made my requirement understood.
thanks
11-25-2013 12:36 AM
Dear All,
I am a bit confused about the NAT part on version 8.3.1. Basically, my current requirement (please see the new requirement at the top) is the below, which I will configure in 8.2(5). Kindly help to convert it to 8.3.1 format.
object-group network mftp_clt0
network-object host 212.*.*.152
network-object host 212.*.*.153
network-object host 212.*.*.154
network-object host 84.*.*.150
network-object host 84.*.*.151
access-list INSIDE_nat0_outbound extended permit ip host 84.*.*.160 object-group mftp_clt0 - Nat0 ACL
access-list outside_80_cryptomap extended permit ip host 84.*.*.160 object-group mftp_clt0 - Crypto ACL to the Peer
static (DMZ,OUTSIDE) 84.*.*.160 10.10.2.50 netmask 255.255.255.255 - Static nat
Thanks in advance
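The 8.2(5)-to-8.3 conversion asked about above, as an added example that is not part of the original thread or any Cisco tool: a small Python helper that rewrites an 8.2 host `static` into 8.3 object NAT or, when a destination group is given, into the twice-NAT form from the planned config. The function name is hypothetical, and 198.51.100.160 is a constructed placeholder for the redacted 84.*.*.160.

```python
import re

# 8.2 host static: static (real_if,mapped_if) <mapped_ip> <real_ip> netmask 255.255.255.255
STATIC_RE = re.compile(
    r"^static \((?P<real_if>[^,\s]+),(?P<mapped_if>[^)\s]+)\) "
    r"(?P<mapped>\S+) (?P<real>\S+) netmask 255\.255\.255\.255$"
)

# Constructed sample: 198.51.100.160 stands in for the redacted 84.*.*.160.
SAMPLE = "static (DMZ,OUTSIDE) 198.51.100.160 10.10.2.50 netmask 255.255.255.255"


def convert_host_static(line, real_obj, mapped_obj, peer_group=None):
    """Return the 8.3 config lines equivalent to one 8.2 host static.

    peer_group=None -> object (auto) NAT under the real-address object.
    peer_group set  -> twice NAT: static source translation that applies only
                       towards that group, whose addresses stay untranslated.
    """
    m = STATIC_RE.match(line.strip())
    if m is None:
        # Network statics and port redirects are out of scope for this helper.
        raise ValueError("not an 8.2 host static: %r" % line)
    out = ["object network %s" % real_obj, " host %s" % m["real"]]
    if peer_group is None:
        out.append(" nat (%s,%s) static %s"
                   % (m["real_if"], m["mapped_if"], m["mapped"]))
        return out
    out += ["object network %s" % mapped_obj, " host %s" % m["mapped"]]
    out.append("nat (%s,%s) source static %s %s destination static %s %s"
               % (m["real_if"], m["mapped_if"], real_obj, mapped_obj,
                  peer_group, peer_group))
    return out


if __name__ == "__main__":
    # Object names below are the ones used in the thread's planned config.
    print("\n".join(convert_host_static(SAMPLE, "kftp_svr", "kftp_trans", "mftp_clt0")))
```

The object-group for the peers (mftp_clt0 here) must already exist on the ASA; the helper only references it by name.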
11-25-2013 07:16 AM
Any updates on this would be appreciated.
Do you require any more info from my side? Please let me know.
Thanks