Firewall Wizards mailing list archives
Re: ASA routing over VPN
From: Craig Van Tassle <craig () codestorm org>
Date: Wed, 26 Jul 2006 15:00:07 -0500
LOL Yea I know that Telnet should not be enabled. Actually once I get it all working and routing properly I would like to close down ASDM, telnet and SSH to anywhere but from the vpn.

Thanks for the advice, I will be trying that out.

Horvath, Kevin M. wrote:
I only had time to look at the vpn to internet "hairpinning" scenario. It looks like you don't have an ip pool assigned to the vpn traffic to be designated for NATing to the internet. Try implementing

    ip local pool "pool_name_here" "ip_range_here_for_ips_from_over_the_vpn_to_access_the_internet"

Let me know how this works. Cool feature, I wish my pix could do this so I didn't have to terminate my tunnels on a router and a concentrator.

On a side note, watch out for this command "telnet 0.0.0.0 0.0.0.0 internet", that's not good. You have ssh configured so stick to your guns with it since at least it is encrypted. Best practice is to not even open it to the internet yet just vpn in and then access it via ssh. Ah but who takes advice from a pen tester anyways ;p

-----Original Message-----
From: firewall-wizards-bounces () listserv icsalabs com [mailto:firewall-wizards-bounces () listserv icsalabs com] On Behalf Of Craig Van Tassle
Sent: Tuesday, July 25, 2006 5:12 PM
To: Firewall Wizards Security Mailing List
Subject: [fw-wiz] ASA routing over VPN

I have an ASA 5510 and it's not routing my VPNs properly. I can get from my VPNs to anywhere on my lan.. but I can't get to the net from my VPNs. I have 4 VPN tunnels. One over the Internet, and 3 over a Frame relay network. The Internet one is not working at all.. it connects but does not route any traffic. The VPNs on my Frame connect but do not route traffic to the Internet. I'm at a total loss as to where to go with this.

Attached is my current config (IPs and password have been changed)

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
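An added example, not part of the original thread: a Python check for the side note about "telnet 0.0.0.0 0.0.0.0 internet". It scans ASA telnet/ssh/http management-access lines and flags cleartext telnet, exposure on an untrusted interface, and any source not within the VPN pool. The sample config, the "inside" interface name and the 10.99.0.0/24 pool are constructed assumptions; only the first telnet line is quoted in the thread.

```python
import ipaddress
import re

# ASA management-access lines: <service> <ip> <mask> <interface>
# ("http" is the HTTPS server used by ASDM).
MGMT_LINE = re.compile(
    r"^(telnet|ssh|http)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$"
)

# Constructed sample; only the first line is quoted in the thread.
SAMPLE_CONFIG = """\
telnet 0.0.0.0 0.0.0.0 internet
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 internet
ssh 10.99.0.0 255.255.255.0 inside
ssh timeout 5
http server enable
http 192.168.1.0 255.255.255.0 inside
"""

def audit_mgmt_access(config_text, untrusted_ifaces, vpn_pool):
    """Return (line_no, line, reasons) for each risky management-access line."""
    pool = ipaddress.ip_network(vpn_pool)  # assumed VPN client address range
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        m = MGMT_LINE.match(raw.strip())
        if not m:
            continue  # skips "ssh timeout 5", "http server enable", etc.
        service, ip, mask, iface = m.groups()
        try:
            source = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        except ValueError:
            continue  # not a valid address/mask pair
        reasons = []
        if service == "telnet":
            reasons.append("telnet is cleartext")
        if iface in untrusted_ifaces:
            reasons.append(f"exposed on untrusted interface '{iface}'")
        if not source.subnet_of(pool):
            reasons.append(f"source {source} is not within VPN pool {pool}")
        if reasons:
            findings.append((line_no, raw.strip(), reasons))
    return findings

if __name__ == "__main__":
    for line_no, line, reasons in audit_mgmt_access(
            SAMPLE_CONFIG, {"internet"}, "10.99.0.0/24"):
        print(f"line {line_no}: {line}\n    " + "; ".join(reasons))
```
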
Current thread:
- ASA routing over VPN Craig Van Tassle (Jul 25)
- Re: ASA routing over VPN Shahin Ansari (Jul 26)
- Re: ASA routing over VPN (Fixed) Craig Van Tassle (Jul 31)
- <Possible follow-ups>
- Re: ASA routing over VPN Horvath, Kevin M. (Jul 26)
- Re: ASA routing over VPN Craig Van Tassle (Jul 27)