
Thursday, August 9, 2012

VPN connection and Internet Access

When you are connected to a VPN session, you can normally access the corporate LAN.
However, it is also possible to have Internet access at the same time.

To do this on an ASA, you have to configure a NAT rule.
All traffic going to the Internet must use the IP address of the Internet-facing interface as its source address.

The configuration below is an example that can be applied:

ip local pool Pool_VPN 192.168.40.10-192.168.40.250 mask 255.255.255.0
!
interface GigabitEthernet0/1
 description Outside Facing Interface
 nameif INTERNET
 security-level 0
 ip address 199.199.199.199 255.255.255.240
!
object network NAT-VPN-POOL
 subnet 192.168.40.0 255.255.255.0
 description Pool VPN
!
object network NAT-VPN-POOL
 nat (any,INTERNET) dynamic interface

All traffic with a source address in the VPN IP pool and an Internet destination will match this NAT rule.
The source address will be translated to the address of the outside interface.
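
The following Python check is an added example, not code from the original post. It parses a saved configuration and reports any "ip local pool" whose address range is not fully inside an object subnet carrying "nat (...,<interface>) dynamic interface"; the function names and the trimmed sample text are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the configuration shown above.
SAMPLE_CONFIG = """\
ip local pool Pool_VPN 192.168.40.10-192.168.40.250 mask 255.255.255.0
!
interface GigabitEthernet0/1
 nameif INTERNET
!
object network NAT-VPN-POOL
 subnet 192.168.40.0 255.255.255.0
!
object network NAT-VPN-POOL
 nat (any,INTERNET) dynamic interface
"""

def parse_objects(config):
    """Return {object name: {"subnet": network or None, "nat_if": egress interfaces}}."""
    objects, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"object network (\S+)", line):
            current = objects.setdefault(m.group(1), {"subnet": None, "nat_if": set()})
        elif not line.startswith(" "):
            current = None  # any other top-level line ends the object sub-mode
        elif current is not None:
            if m := re.match(r" +subnet (\S+) (\S+)", line):
                current["subnet"] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
            elif m := re.match(r" +nat \(\S+?,(\S+?)\) dynamic interface", line):
                current["nat_if"].add(m.group(1))
    return objects

def uncovered_pools(config, egress_if):
    """Return names of VPN pools not fully inside a subnet that is PATed on egress_if."""
    nets = [o["subnet"] for o in parse_objects(config).values()
            if o["subnet"] is not None and egress_if in o["nat_if"]]
    missing = []
    for name, first, last in re.findall(r"^ip local pool (\S+) (\S+?)-(\S+)", config, re.M):
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if not any(lo in n and hi in n for n in nets):
            missing.append(name)
    return missing

if __name__ == "__main__":
    print(uncovered_pools(SAMPLE_CONFIG, "INTERNET"))
```

An empty list means every VPN pool is covered by the dynamic interface NAT rule on the named interface.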

Sunday, February 19, 2012

Add a mount point for an ASA


I have found a nice feature on the Cisco ASA: you can create a mount point to an FTP server.
Below is a sample of the configuration to apply:

mount Backup-ASA type ftp
 server 10.10.10.10
 path /root/Backup
 username userFTP
 password passwordFT
 mode passive
 status enable

To list the configurations available in this folder, use the 'dir' command:

ASA# dir Backup-ASA:
Directory of Backup-ASA:/
       -rwx  71147       19:37:00 Jul 14 2011  ASA-14jul11.txt
       -rwx  79337       16:41:00 Jan 31 2012  ASA-09-02-2012.txt
0 bytes total (2146293760 bytes free)

This trick is useful for easily backing up the running configuration to a remote folder:

ASA# copy running-config Backup-ASA: