Hello,

has any of you already had a problem like this?

ASA 5520 (8.3) with VPN, overlapping addresses and 1-to-1 static NAT?

Basically, from site 1 I can ping the NATted addresses toward site 2,
but I cannot access the services open on the servers (ssh, telnet, etc.),
even though there are no restrictions in the access rules.


Inside IP, site 1: 192.168.2.0/24
Inside IP, site 2: 192.168.2.0/24

Outside IP, site 1: 172.16.254.0/24
Outside IP, site 2: 172.16.253.0/24


ASA-SITE2# sh run nat
nat (inside,outside-wind) source static 192.168.2.20 172.16.253.20 destination static VPN_L2L_SITE1 VPN_L2L_SITE1
nat (inside,outside-wind) source static nexus 172.16.253.253 destination static VPN_L2L_SITE1 VPN_L2L_SITE1
nat (inside,outside-wind) source static 192.168.2.13 172.16.253.13 destination static VPN_L2L_SITE1 VPN_L2L_SITE1
nat (inside,outside-wind) source dynamic any 172.16.253.1 destination static VPN_L2L_SITE1 VPN_L2L_SITE1
nat (inside,outside-wind) source dynamic any interface

ASA-SITE2# sh access-list
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
            alert-interval 300
access-list outside-wind_1_cryptomap; 1 elements; name hash: 0x2bedd12d
access-list outside-wind_1_cryptomap line 1 extended permit ip 172.16.253.0 255.255.255.0 172.16.254.0 255.255.255.0 (hitcnt=1) 0x5362f721
access-list outside-wind_access_in; 1 elements; name hash: 0x3c725494
access-list outside-wind_access_in line 1 extended permit ip any any (hitcnt=0) 0x1c6f6602
access-list outside-wind_access_out; 2 elements; name hash: 0xdbc0f90e
access-list outside-wind_access_out line 1 extended permit ip 172.16.253.0 255.255.255.0 any (hitcnt=0) 0x6028d9cf
access-list outside-wind_access_out line 2 extended permit ip any any (hitcnt=3) 0x48e32d81
access-list inside_access_in; 1 elements; name hash: 0x433a1af1
access-list inside_access_in line 1 extended permit ip 192.168.2.0 255.255.255.0 object VPN_L2L_SITE1 0x7d1028b5
  access-list inside_access_in line 1 extended permit ip 192.168.2.0 255.255.255.0 172.16.254.0 255.255.255.0 (hitcnt=3) 0x7d1028b5

has this already happened to anyone?

did I forget something in the configuration?

sorry, but I'm not yet familiar with this new release (8.3).

thanks

Oliver Lagni