<div>
<div class="content wysiwyg-content">
I have two sites connected via VPN. I restricted it so that only four IP addresses could communicate across the VPN for security purposes. The syntax I know of for the ASA's is below.<br />
<br />
object-group network RockIsland-2<br />
&nbsp;description RockIsland-2 internal IP Range<br />
&nbsp;network-object host 192.168.6.30<br />
&nbsp;network-object host 192.168.6.32<br />
&nbsp;network-object host 192.168.6.33<br />
&nbsp;network-object host 192.168.6.31<br />
<br />
access-list vpn2RI extended permit ip 192.168.10.0 255.255.255.0 object-group RockIsland-2 <br />
access-list nonat extended permit ip 192.168.10.0 255.255.255.0 192.168.6.0 255.255.255.0 <br />
<br />
I just added a 5th IP address to the network-object command and the new workstation works fine. A couple days later, one of the five workstations does not work. It can't connect across the VPN. I am wondering if there is a configuration change that I need to make that I didn't know about.?<br />
<br />
Thanks,<br />
<br />
Justin
</div>
</div>


I have two sites connected via VPN. I restricted it so that only four IP addresses could communicate across the VPN for security purposes. The syntax I know of for the ASA's is below.

object-group network RockIsland-2
 description RockIsland-2 internal IP Range
 network-object host 192.168.6.30
 network-object host 192.168.6.32
 network-object host 192.168.6.33
 network-object host 192.168.6.31

access-list vpn2RI extended permit ip 192.168.10.0 255.255.255.0 object-group RockIsland-2 
access-list nonat extended permit ip 192.168.10.0 255.255.255.0 192.168.6.0 255.255.255.0 

I just added a 5th IP address to the network-object command and the new workstation works fine. A couple days later, one of the five workstations does not work. It can't connect across the VPN. I am wondering if there is a configuration change that I need to make that I didn't know about.?

Thanks,

Justin

trouble with Cisco object-group/VPN configuration

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.

Hardware Firewalls

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.