Azure Virtual network connection to Cisco ASA 5505

I have configured a virtual network in Azure that is linked back to our on-premises Cisco ASA 5505 device. After setting it up in Azure, I used the VPN device script, which is provided by Microsoft through the Azure portal for our selected device.
Using PuTTY, I logged on to the box over SSH and tried running the script, but in the section:
! ACL and NAT rules
! 
! Proper ACL and NAT rules are needed for permitting cross-premise network traffic.
! You should also allow inbound UDP/ESP traffic for the interface which will be used for the IPSec tunnel.
object-group network azure-networks
  network-object 10.100.1.0 255.255.255.0
exit
object-group network onprem-networks
  network-object 172.16.55.0 255.255.255.0
  network-object 172.16.129.0 255.255.255.0
exit
access-list azure-vpn-acl extended permit ip object-group onprem-networks object-group azure-networks
nat (inside,outside) source static onprem-networks onprem-networks destination static azure-networks azure-networks
I encountered an error while trying to enter the final line:
nat (inside,outside) source static onprem-networks onprem-networks destination static azure-networks azure-networks
                             ^
ERROR: % Invalid input detected at '^' marker.
The marker is between s^tatic.

While my gateway is showing in the Azure portal as connected, I have 300 Kb of data coming out but no data going in. I have tried pinging from within my local network, but I am experiencing 100% packet loss. Would the failure of the line above account for this issue? How can I resolve it?
