  • Content created by Rene Molenaar (CCIE #41726)


Notable Replies

  1. Hi Rene,

    Nice article. Please carry on.

    br/
    zaman

  2. Hi Rene,

    ASA1(config)# nat (OUTSIDE,OUTSIDE) source dynamic VPN_POOL interface

    I have a few doubts about the above statement:

    [1] Why is the keyword SOURCE used in the NAT statement?

    [2] What effect would it have if Dynamic is changed to Static in the NAT statement?

  3. STATIC is a one-to-one mapping, i.e. public 8.8.8.8 maps to private 10.10.10.1 all the time.

    DYNAMIC would be used if you had multiple connections that needed to be NATted, as you can then define a range of IP addresses using an access list, and when a NAT translation needs to be made, it would use a free public IP address from the access list.

  4. Rene,

    I was thinking through how to lab up this lesson and was having trouble with the layout for the cloud that is labeled outside and the VPN user. I was thinking the cloud was a router with regular OSPF passing all traffic and the VPN user..... Could you point me in the right direction (configs) on how to lab up this lesson?

    Thank you

  5. Hello Christopher

    Yes, actually, you're on the right track. You can create a router with three interfaces, each on a different subnet. Say something like this:

    In this case, all of the 10.10.X.X address space can be considered “the Internet.”

    You can use OSPF if you like to convey routing information to all routers involved, or you could use static routing if you like as well. Just keep in mind that both the ASA and R2 must be informed of each other’s networks (R2 should know about the 10.10.2.0/24 network and the ASA should know about the 10.10.3.0/24 and the 2.2.2.2/32 networks).

    This way you can confirm that your VPN is working over "the Internet," that incoming traffic to the ASA is entering via the VPN and outgoing traffic from the ASA will be connecting again via "the Internet" to the web server at 2.2.2.2.

    I hope this has been helpful!

    Laz
