Re: [fw-wiz] ASA routing over VPN


LOL Yeah, I know that Telnet should not be enabled. Actually, once I get it all
working and routing properly I would like to close down ASDM, telnet and SSH to
anywhere but from the vpn.

Thanks for the advice, I will be trying that out.

Horvath, Kevin M. wrote:
I only had time to look at the vpn to internet "hairpinning" scenario. It
looks like you don't have an ip pool assigned to the vpn traffic to be
designated for NATing to the internet. Try implementing ip local pool

Let me know how this works. Cool feature, I wish my pix could do this so I
didn't have to terminate my tunnels on a router and a concentrator.

On a side note watch out for this command "telnet internet",
that's not good. You have ssh configured so stick to your guns with it
since at least it is encrypted. Best practice is to not even open it to
the internet yet just vpn in and then access it via ssh. Ah but who takes
advice from a pen tester anyways ;p

-----Original Message-----
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx
[mailto:firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Craig
Van Tassle
Sent: Tuesday, July 25, 2006 5:12 PM
To: Firewall Wizards Security Mailing List
Subject: [fw-wiz] ASA routing over VPN

I have an ASA 5510 and it's not routing my VPNs properly. I can get from my
to anywhere on my lan.. but I can't get to the net from my VPNs.
I have 4 VPN tunnels. One over the Internet, and 3 over a Frame relay

The Internet one is not working at all.. it connects but does not route any
traffic. The VPN's on my Frame connect but do not route traffic to the

I'm at a total loss as to where to go with this.

Attached is my current config (IPs and password have been changed)
firewall-wizards mailing list
