In this post, we are going to link an Azure Virtual Network to an on-premise network via a Cisco ASA. We will be creating a route-based connection using IKEv2 and a VTI interface. We are also going to focus on how to achieve this using ASDM.

route inside 0.0.0.0 0.0.0.
nat (outside) 0 172.16.16.0 255.255.255.0
access-group inside_access_in in interface inside
access-group inside_access_out out interface inside
access-group outside_in in interface outside
access-group outside_access_out out interface outside
nat (inside) 1 access-list inside_nat_outbound
nat (inside) 0 access-list inside_nat0_outbound outside
icmp unreachable rate-limit 1 burst-size 1
object-group protocol DM_INLINE_PROTOCOL_12
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 object-group DM_INLINE_NETWORK_1 any
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_8 xx.xx.xx.xx 255.255.255.248 any
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_4 any object-group DM_INLINE_NETWORK_3
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_5 any xx.xx.xx.xx 255.255.255.248
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_10 xx.xx.xx.xx 255.255.255.248 object-group DM_INLINE_NETWORK_6
access-list inside_access_in extended permit ip any any
access-list TUNNEL_LIST standard permit 172.16.1.0 255.255.255.0
access-list TUNNEL_LIST standard permit 172.16.16.0 255.255.255.0
access-list inside_in extended permit ip 172.16.16.0 255.255.255.0 any
access-list inside_out extended permit icmp any any log
access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_3 object-group DM_INLINE_NETWORK_4 any
access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_7 any xx.xx.xx.xx 255.255.255.248
access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_2 any object-group DM_INLINE_NETWORK_2
access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_6 xx.xx.xx.xx 255.255.255.248 any
access-list outside_access_in extended permit ip any any
access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_11 172.16.16.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list inside_access_out extended permit object-group DM_INLINE_PROTOCOL_9 object-group DM_INLINE_NETWORK_5 any
access-list inside_access_out extended permit ip any any
access-list NO_NAT extended permit ip 172.16.1.0 255.255.255.0 172.16.16.0 255.255.255.0
access-list NO_NAT extended permit ip any 172.16.16.16 255.255.255.248
access-list outside_access_out extended permit ip any any
access-list outside_access_out extended permit object-group DM_INLINE_PROTOCOL_12 172.16.16.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list outside_access_out extended permit ip 172.16.16.0 255.255.255.0 any
access-list MyTunnel standard permit 172.16.1.0 255.255.255.0
access-list MyTunnel standard permit host xx.xx.xx.xx
access-list MyTunnel standard permit host VPNGateway
access-list MyTunnel standard permit 172.16.16.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 172.16.16.0 255.255.255.0 interface inside
access-list outside_in extended permit icmp any host xx.xx.xx.xx
access-list outside_in extended permit tcp host 24.44.185.66 host xx.xx.xx.xx eq ssh
access-list outside_in extended permit tcp host 67.81.133.13 host xx.xx.xx.xx eq ssh
access-list outside_in extended permit tcp 192.149.224.0 255.255.255.0 host xx.xx.xx.xx eq ssh
access-list outside_in extended permit ip 172.16.16.0 255.255.255.0 any log
access-list inside_nat_outbound extended permit ip 172.16.16.0 255.255.255.0 any
object-group protocol DM_INLINE_PROTOCOL_11
object-group protocol DM_INLINE_PROTOCOL_9
object-group protocol DM_INLINE_PROTOCOL_10
object-group protocol DM_INLINE_PROTOCOL_8
object-group protocol DM_INLINE_PROTOCOL_7
object-group protocol DM_INLINE_PROTOCOL_6
object-group protocol DM_INLINE_PROTOCOL_5
object-group protocol DM_INLINE_PROTOCOL_4
object-group protocol DM_INLINE_PROTOCOL_3
object-group protocol DM_INLINE_PROTOCOL_2
object-group protocol DM_INLINE_PROTOCOL_1
name 172.16.1.1 VPNGateway description VPNGateway

I want to route all internet traffic of people who connect to my ASA, through ASA, so anyone who connects, their internet IP will be my router IP.