Hello,
How can I get to the ASA's outside interface when my PC isn't connected to the same network?
N.B. My PC is connected to the Internet, so for me to connect to the ASA's outside interface, which is connected to a service provider's router interface, do I connect to the public IP address of the service provider given to the ASA?
Your response would be really appreciated. Thanks a lot 🙏🏾
Hi, what if I use this in production, is it okay if I use a self-signed certificate?
ok
No, you shouldn't use self-signed certificates; it's like printing your own car license and using it like an ID. Wildcard certs or SAN is a good practice, but as a best practice you should have a cert from a trusted third-party company like DigiCert etc.
Can we use Cisco AnyConnect from anywhere anytime???
Which ASA model is it, and may I have your configuration script? Thanks
I have problems, I can't ping the internal network
Go to my page: Cisco Khmer Group and like the page, you will get the configuration file
Hi, how are you? This is probably a NAT problem. The connection between Local Network vs. VPN must happen with the private IPs defined in the configuration (bidirectional). It may be that the firewall is doing NAT and translating the IP of the internal network by the external IP of connection, in the process of answering the connection request performed by a VPN host.
To resolve this problem, you need to exempt NAT in Internal Network vs. VPN communication. [Create a NAT rule inside a network object]
Configuration example:
1- TRADITIONAL NAT:
FW-ASA(config)# object network LOCAL
FW-ASA(config-network-object)# subnet 172.16.1.0 255.255.255.0
FW-ASA(config-network-object)# nat (inside,outside) dynamic interface
FW-ASA(config-network-object)# exit
2- NAT EXEMPTION:
FW-ASA(config)# object network VPN
FW-ASA(config-network-object)# subnet 192.168.1.0 255.255.255.0
FW-ASA(config-network-object)# exit
FW-ASA(config)# nat (inside,outside) source static LOCAL LOCAL destination static VPN VPN
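The missing exemption described in the comment above can be checked offline against a saved configuration. This Python script is an added example, not code from the video or from any commenter; the sample configs are constructed and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed samples resembling ASA running-config output (not from a real device).
SAMPLE_BROKEN = """\
object network LOCAL
 subnet 172.16.1.0 255.255.255.0
object network VPN
 subnet 192.168.1.0 255.255.255.0
object network LOCAL
 nat (inside,outside) dynamic interface
"""
SAMPLE_FIXED = SAMPLE_BROKEN + (
    "nat (inside,outside) source static LOCAL LOCAL destination static VPN VPN\n")

TWICE_NAT = re.compile(
    r"^nat \((\w+),(\w+)\) source static (\S+) (\S+) destination static (\S+) (\S+)")

def parse(config):
    """Return (subnet per object, objects with dynamic NAT, identity twice-NAT pairs)."""
    subnets, dynamic, exempt, current = {}, set(), set(), None
    for line in config.splitlines():
        if line.startswith("object network "):
            current = line.split()[2]
        elif current and line.startswith(" ") and line.split():
            words = line.split()
            if words[0] == "subnet" and len(words) == 3:
                subnets[current] = ipaddress.ip_network(f"{words[1]}/{words[2]}")
            elif words[0] == "nat" and "dynamic" in words:
                dynamic.add(current)
        else:
            current = None
            m = TWICE_NAT.match(line)
            # Identity NAT: real and mapped objects are the same on both sides.
            if m and m[3] == m[4] and m[5] == m[6]:
                exempt.add((m[3], m[5]))
    return subnets, dynamic, exempt

def missing_exemptions(config, vpn_pool):
    """Objects that are dynamically NATed but have no identity rule toward vpn_pool."""
    pool = ipaddress.ip_network(vpn_pool)
    subnets, dynamic, exempt = parse(config)
    covered = {src for src, dst in exempt if subnets.get(dst) == pool}
    return sorted(name for name in dynamic if name not in covered)

if __name__ == "__main__":
    print("before:", missing_exemptions(SAMPLE_BROKEN, "192.168.1.0/24"))
    print("after: ", missing_exemptions(SAMPLE_FIXED, "192.168.1.0/24"))
```

A non-empty result names the internal objects whose replies to VPN clients would still be translated to the outside interface address.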
@gustvieira99 can you help me with this configuration
@mauropitmau yes, of course! What do you need? Do you have the same problem? Can the VPN client not access the local network?
@gustvieira99 yes, I reach the ASA but can't get out from there. We can't access the network below the ASA. mauropitmau@gmail.com this is my email.
Do you need to add a certificate on end devices or not?
Just testing, no need
SSL does not need a certificate installed on the endpoint
You should always use certs....It will work without but ain't safe....
Thank you for the easy video...
Ok