I have a Cisco 2621 with a WIC-1ADSL and I replaced my ISP's DSL router. Fa0/0 connects to a Cisco ASA-5505. WIC-1ADSL connects via Dialer interface to Frontier Communications. Works like a champ using IOS 12.3 (26).
I would like to connect a PC to the Fa0/1 port so that I can simulate testing so that the PC would appear as though it is the Internet. Currently, I have to go home and try things out on my home PC or from an Android cell phone (which, with my age and eyesight, I have trouble reading the small text on). I am not sure how to set the NAT statements but would assume that I can static map the single IP of the PC or the entire subnet of the interface? This is where I am unsure. I would like to be able to access the internet from this PC also and if something happens to it for not being behind a firewall, I will just reload it. It is just an old HP running WinXP.
Anyway, just wanted to test the VPN from the PC connected to the 2621 into my network which would look like:
The ultimate goal here is to get the VPN working on the ASA-5505 so that I can access my Cisco UC320W from home via VPN. I would also like the VPN to terminate client VPN (specifically Android via Android VPN) and Windows 7. Not sure if AnyConnect or IPSec/L2TP yet but looks like AnyConnect requires me to root my phone which won't happen because it voids the warranty of the phone. Side note: this is documented on Cisco's website but I am not sure how Cisco would feel if another company's directions explicitly stated to void the warranty on a Cisco device, hmmm.
Anyone have any ideas on how to make this PC appear as though it is coming from the Internet and still have access to the Internet?
** First of all, the FastEthernet0/0 interface is supposed to be connected to the ASA firewall, not Frontier. Well, that's what I understood from your problem description. So this interface should have the ASA outside subnet and be "ip nat inside".
** Second, you can reach the internet from the PC connected on the Fa0/1 interface, but I am not sure I understand your statement "make this PC appear as though it is coming from the Internet". Are you looking to send traffic from this PC towards the ASA for testing, i.e. from the Fa0/1 interface towards Fa0/0?
If yes, then it's more like a test environment that you want to create, so just give a public IP address, let's say 220.127.116.11/30, to the PC and assign 18.104.22.168/30 to the Fa0/1 interface. You don't need to do any NAT for the traffic going from the PC to the ASA, and to your ASA it will look like the traffic is coming from a public IP.
** Now to make this PC go to internet as well through Dialer1, issue the config statements:
access-list 100 permit ip 22.214.171.124 0.0.0.3 any
ip nat inside source list 100 interface dialer1 overload
ip nat inside
ip nat outside
** For hosting services like VPN (AnyConnect or Remote Access), you would need a public IP address from your ISP apart from the one being assigned to the Dialer1 interface dynamically. Then you'll be configuring a static NAT mapping that public IP to the ASA's outside interface, which is going to act as the VPN endpoint.
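The steps in the reply above, assembled into one IOS configuration with the interface context each NAT statement needs. This is an added example, not part of the original reply: the 203.0.113.0/30 addresses are constructed placeholders from the RFC 5737 documentation range, and the interface roles are assumed from the thread's description (Fa0/0 to the ASA, Fa0/1 to the test PC, Dialer1 to the ISP).

```cisco
! Constructed addressing: 203.0.113.0/30 stands in for the test subnet.
! Router Fa0/1 = 203.0.113.1, test PC = 203.0.113.2 with gateway 203.0.113.1.
!
interface FastEthernet0/1
 description Test PC posing as an Internet host
 ip address 203.0.113.1 255.255.255.252
 ip nat inside
 no shutdown
!
interface FastEthernet0/0
 description Link to ASA outside (addressing left as already configured)
 ip nat inside
!
interface Dialer1
 ip nat outside
!
! Only the test subnet is matched, so only the PC's Internet-bound
! traffic is translated (PAT) to the address Dialer1 holds.
access-list 100 remark Test PC subnet, translated when leaving via Dialer1
access-list 100 permit ip 203.0.113.0 0.0.0.3 any
ip nat inside source list 100 interface Dialer1 overload
!
! Fa0/1 -> Fa0/0 is inside-to-inside: no translation takes place, so the
! ASA sees the PC's own 203.0.113.2 source address on its outside interface.
!
! Checks after applying:
!   show ip nat translations     (entries appear only for Dialer1-bound flows)
!   show access-lists 100        (hit counters rise when the PC browses)
```

The ACL's wildcard mask has to describe the same /30 that is configured on Fa0/1; if the two disagree, the PC still reaches the ASA but its Internet-bound traffic is never translated.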
Thanks, that did it. Sorry for the confusion with the Frontier side of things. The outside interface of the ASA is a static Frontier IP and I replaced their crappy little DSL modem with the 2621 so it is "all" Frontier from the outside ASA. Actually, I had real issues with getting through my ASA and Frontier told me their device was just a DSL modem but upon further inspection, it is a Router too so I was getting blocked even before traffic hit my ASA. With the 2621, I now have full control.
I already have some static NAT on the ASA for some Cisco IP Cameras and a couple of other items that I needed access to from the outside. Now, I am getting a lot of these holes poked in my firewall and would rather close them up and use a VPN solution which the ASA already has built-in and I paid for the license if I remember correctly.
Now I can enable VPN and test within the confines of my own office and not have to run home to try things out!