Testing IPSEC with Cisco ASA 8.2(5)
Cisco made significant NAT changes starting with ASA 8.3. Prior to 8.3, there is less flexibility when incorporating the required NAT rules to allow HTTP and HTTPS to be protected by the Cloud Security Service.
Creating a NAT exempt rule for a test host will accomplish the following:
NOTE - The test host MUST be able to resolve DNS from a local DNS server. Creating an exempt rule will put all traffic from the test host into the IPSEC tunnel. Currently Blue Coat will only intercept HTTP and HTTPS; all other protocols will be dropped in the Cloud.
Using ASDM 6.4(9) the exempt rule will be created as follows:
First create an exempt rule:
Next define the test workstation as the source of the exempt rule:
The results of the NAT creation will look like the following:
The exempt rule needs to be above any other NAT rule that this test workstation might have matched.
The config output of the above example looks as follows:
name 192.168.1.8 worksation1
access-list inside_nat0_outbound extended permit ip host worksation1 any
nat (inside) 0 access-list inside_nat0_outbound
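The following Python script is an added example, not part of the original article or of any Blue Coat or Cisco tooling: it reads a pre-8.3 configuration like the one above, resolves name aliases, and lists each host exempted through a nat 0 access-list, marking "permit ip host ... any" entries, which put all of that host's traffic into the tunnel. The function name exempt_sources, the sample text and the extra "nat (inside) 1" line are constructed for illustration, and only the host-source ACL form shown above is parsed.

```python
# Constructed sample: the three lines from the page plus one unrelated NAT rule.
SAMPLE_CONFIG = """\
name 192.168.1.8 worksation1
access-list inside_nat0_outbound extended permit ip host worksation1 any
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
"""

def exempt_sources(config):
    """Return one dict per 'host' entry in an ACL referenced by 'nat (<if>) 0 access-list'."""
    names, acls, exempt = {}, {}, {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) >= 3 and tok[0] == "name":
            names[tok[2]] = tok[1]                 # alias -> IP address
        elif len(tok) >= 4 and tok[0] == "access-list" and tok[2] == "extended":
            acls.setdefault(tok[1], []).append(tok[3:])
        elif len(tok) == 5 and tok[0] == "nat" and tok[2:4] == ["0", "access-list"]:
            exempt[tok[4]] = tok[1].strip("()")    # ACL name -> interface
    found = []
    for acl, iface in exempt.items():
        for ace in acls.get(acl, []):
            # Only the 'permit <proto> host <src> <dst...>' form used on the page is handled.
            if len(ace) >= 5 and ace[0] == "permit" and ace[2] == "host":
                src = ace[3]
                found.append({
                    "interface": iface,
                    "acl": acl,
                    "source": names.get(src, src),
                    "protocol": ace[1],
                    "destination": " ".join(ace[4:]),
                    # 'ip ... any' exempts every protocol to every destination,
                    # so DNS and other non-web traffic follows the same rule.
                    "all_traffic": ace[1] == "ip" and ace[4:] == ["any"],
                })
    return found

if __name__ == "__main__":
    for entry in exempt_sources(SAMPLE_CONFIG):
        print(entry)
```

An entry with all_traffic set to True is the case the NOTE above describes: the host needs a local DNS server, because only HTTP and HTTPS are intercepted in the Cloud.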