Cisco Support Community
New Member

inbound-vpn-crypto

Hi All,

We have a working site-to-site VPN between 2 locations. Basically, site A is only accessing servers at site B. There is no access back to site A from site B.

Now there is a requirement to access a server at site A from site B.

Please find below the specific current configuration at site A and the planned new configs.

Current VPN configuration at site A ASA

ASA Version 8.3(1)

==============

object network hsdp_vpn_ip

host 84.*.*.90

description hsdp vpn ip  

object-group network lsdp_svr

network-object host 212.*.*.*

network-object host 212.*.*.*

network-object host 212.*.*.*

network-object host 212.*.*.*

network-object host 212.*.*.*

network-object host 212.*.*.*

network-object host 212.*.*.*

network-object host 212.*.*.*

network-object host 212.*.*.*

network-object host 212.*.*.*

network-object host 212.*.*.*

object-group network m4com_svr

network-object host 10.10.2.11

network-object host 10.10.2.12

network-object host 10.10.2.13

network-object host 10.10.2.14

network-object host 10.10.2.16

network-object host 10.10.2.17

network-object host 10.10.2.18

access-list DMZ_access_in extended permit ip any any

access-list l2l_list extended permit ip host 84.*.*.90 host 212.*.*.*

access-list l2l_list extended permit ip host 84.*.*.90 host 212.*.*.*

access-list l2l_list extended permit ip host 84.*.*.90 host 212.*.*.*

access-list l2l_list extended permit ip host 84.*.*.90 host 212.*.*.*

access-list l2l_list extended permit ip host 84.*.*.90 host 212.*.*.*

access-list l2l_list extended permit ip host 84.*.*.90 host 212.*.*.*

access-list l2l_list extended permit ip host 84.*.*.90 host 212.*.*.*

access-list l2l_list extended permit ip host 84.*.*.90 host 212.*.*.*

access-list l2l_list extended permit ip host 84.*.*.90 host 212.*.*.*

access-list l2l_list extended permit ip host 84.*.*.90 host 212.*.*.*

access-list l2l_list extended permit ip host 84.*.*.90 host 212.*.*.*

nat (DMZ,outside) source dynamic m4com_svr hsdp_vpn_ip destination static lsdp_svr lsdp_svr description pat rule to lsdp services

===========================================

Planned configuration for new requirement at site A ASA

==================================

object network kftp_svr

host 10.10.2.50

object network kftp_trans

host 84.*.*.160

object-group network mftp_clt0

network-object host 212.*.*.152

network-object host 212.*.*.153

network-object host 212.*.*.154

network-object host 84.*.*.150

network-object host 84.*.*.151

access-list l2l_list extended permit ip host 84.*.*.160 object-group mftp_clt0

nat (DMZ,outside) source dynamic kftp_svr kftp_trans destination static mftp_clt0 mftp_clt0

To facilitate server access to site A from site B, does the above planned config work? Or should I change the NAT as below, or does anything else need to be added?

nat (DMZ,outside) source static kftp_svr kftp_trans destination static mftp_clt0 mftp_clt0

Please let me know.

Thanks

3 REPLIES
New Member

inbound-vpn-crypto

Hi,

Could you please respond to this? I hope I made my requirement understood.

Thanks

New Member

inbound-vpn-crypto

Dear All,

I am a bit confused about the NAT part on version 8.3.1. Basically, my current requirement (please see the new requirement at the top) is the below, which I will configure in 8.2(5). Kindly help to convert it to 8.3.1 format.

object-group network mftp_clt0

network-object host 212.*.*.152

network-object host 212.*.*.153

network-object host 212.*.*.154

network-object host 84.*.*.150

network-object host 84.*.*.151

access-list INSIDE_nat0_outbound extended permit ip host 84.*.*.160 object-group mftp_clt0  -  Nat0 ACL

access-list outside_80_cryptomap extended permit ip host 84.*.*.160 object-group mftp_clt0  -  Crypto ACL to the Peer

static (DMZ,OUTSIDE) 84.*.*.160 10.10.2.50 netmask 255.255.255.255  -  Static NAT

Thanks in advance

New Member

inbound-vpn-crypto

Any updates on this would be appreciated.

Do you require any more info from my side? Please let me know.

Thanks
