ASA twilight zone? :)
On Fri, Apr 20, 2012 at 4:01 PM, Fawad Khan <[email protected]> wrote: > A static Identity nat for the Virtual IP would be required.... dont ask me > why, :)............ also try to play with it like this > > static(inside,outside) 10.0.0.200 10.1.1.1 > > and it will still work. again, dont ask me why... I did the similar setup > couple of years back and did a typo in the static, but the solution worked > like a charm. > > FNK > > > On Fri, Apr 20, 2012 at 4:35 PM, Imre Oszkar <[email protected]> wrote: > >> Hi, >> >> I have the following cut-trough proxy config on an ASA. >> >> aaa authentication match trigger dmz TACACS >> access-list trigger extended permit tcp any any eq 2001 >> access-list trigger extended permit tcp any host 10.0.0.200 eq www >> access-list trigger extended permit tcp any host 10.0.0.201 eq telnet >> >> virtual http 10.0.0.200 >> virtual telnet 10.0.0.201 >> >> For some reason the virtual IPs don't accept connections. Here is the >> log I get on the ASA: >> >> %ASA-2-106001: Inbound TCP connection denied from 10.0.0.100/3088 to >> 10.0.0.201/23 flags SYN on interface dmz >> %ASA-2-106001: Inbound TCP connection denied from 10.0.0.100/1035 to >> 10.0.0.200/80 flags SYN on interface dmz >> >> Any other form of network authentication is working well, including >> listener and redirect. >> >> Please comment, >> >> Thanks, >> Oszkar >> >> >> >> >> >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com >> > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
