A static Identity nat for the Virtual IP would be required.... dont ask me why, :)............ also try to play with it like this
static(inside,outside) 10.0.0.200 10.1.1.1 and it will still work. again, dont ask me why... I did the similar setup couple of years back and did a typo in the static, but the solution worked like a charm. FNK On Fri, Apr 20, 2012 at 4:35 PM, Imre Oszkar <[email protected]> wrote: > Hi, > > I have the following cut-trough proxy config on an ASA. > > aaa authentication match trigger dmz TACACS > access-list trigger extended permit tcp any any eq 2001 > access-list trigger extended permit tcp any host 10.0.0.200 eq www > access-list trigger extended permit tcp any host 10.0.0.201 eq telnet > > virtual http 10.0.0.200 > virtual telnet 10.0.0.201 > > For some reason the virtual IPs don't accept connections. Here is the log > I get on the ASA: > > %ASA-2-106001: Inbound TCP connection denied from 10.0.0.100/3088 to > 10.0.0.201/23 flags SYN on interface dmz > %ASA-2-106001: Inbound TCP connection denied from 10.0.0.100/1035 to > 10.0.0.200/80 flags SYN on interface dmz > > Any other form of network authentication is working well, including > listener and redirect. > > Please comment, > > Thanks, > Oszkar > > > > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
