https://community.cisco.com/t5/network-security/issues-with-vpn-configuration/m-p/4121934#M1072144 <P>Hi <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1076881">@cjones615</a>&nbsp;</P> <P>Now that you have that dynamic NAT rule from outside to outside, you will need a NAT exemption rule from your RAVPN "vpntest" network to the Azure networks to ensure that traffic is not natted. e.g</P> <PRE>nat (OUTSIDE,OUTSIDE) source static vpntest vpnest destination static AZURE-NET AZURE-NET no-proxy-arp </PRE> <P>&nbsp;</P> <P>HTH </P> Mon, 20 Jul 2020 15:39:50 GMT Rob Ingram 2020-07-20T15:39:50Z https://community.cisco.com/t5/network-security/issues-with-vpn-configuration/m-p/4121891#M1072140 <P>Having issues with my VPN configuration.&nbsp; I have a couple of servers on prem and a couple in Azure.&nbsp; It worked fine until I added the following commands:</P><P>access-list TIMECARD_WS standard permit 5.5.5.5</P><P>&nbsp;</P><P>object network vpntest<BR />subnet 192.168.0.230-192.168.0.239 255.255.252.0<BR />nat (outside,outside) dynamic interface</P><P>&nbsp;</P><P>same-security-traffic permit intra-interface</P><P>&nbsp;</P><P>The commands were needed to allow employees to access their timecard when they are working remotely.&nbsp; The timecard website only allows entries when coming from our outside presented ip address.</P><P>&nbsp;</P><P>Once I executed those commands, I got the website to work, but now I can't access any of the server in Azure.</P><P>&nbsp;</P><P>Any help would be greatly appreciated.</P><P>&nbsp;</P><P>Thanks.</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 20 Jul 2020 14:56:43 GMT https://community.cisco.com/t5/network-security/issues-with-vpn-configuration/m-p/4121891#M1072140 cjones615 2020-07-20T14:56:43Z https://community.cisco.com/t5/network-security/issues-with-vpn-configuration/m-p/4121910#M1072142 <P>we need more information - TIMECARD_WS - where this was applied what interface.</P> <P>&nbsp;</P> <P>if you applied on the interface only this Access-list all will be dropped except this, this is normal behaviour,</P> <P>&nbsp;</P> <P>if you like both should work, you need to tweak the ACL as per the requirement.</P> <P>&nbsp;</P> <P>Post full configuraiton - all working, after adding this ACL to understand better.</P> Mon, 20 Jul 2020 15:14:52 GMT https://community.cisco.com/t5/network-security/issues-with-vpn-configuration/m-p/4121910#M1072142 balaji.bandi 2020-07-20T15:14:52Z https://community.cisco.com/t5/network-security/issues-with-vpn-configuration/m-p/4121925#M1072143 <P>here is the config</P> Mon, 20 Jul 2020 15:31:13 GMT https://community.cisco.com/t5/network-security/issues-with-vpn-configuration/m-p/4121925#M1072143 cjones615 2020-07-20T15:31:13Z https://community.cisco.com/t5/network-security/issues-with-vpn-configuration/m-p/4121934#M1072144 <P>Hi <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1076881">@cjones615</a>&nbsp;</P> <P>Now that you have that dynamic NAT rule from outside to outside, you will need a NAT exemption rule from your RAVPN "vpntest" network to the Azure networks to ensure that traffic is not natted. e.g</P> <PRE>nat (OUTSIDE,OUTSIDE) source static vpntest vpnest destination static AZURE-NET AZURE-NET no-proxy-arp </PRE> <P>&nbsp;</P> <P>HTH </P> Mon, 20 Jul 2020 15:39:50 GMT https://community.cisco.com/t5/network-security/issues-with-vpn-configuration/m-p/4121934#M1072144 Rob Ingram 2020-07-20T15:39:50Z https://community.cisco.com/t5/network-security/issues-with-vpn-configuration/m-p/4122553#M1072172 <P>That worked!&nbsp; Thank you!</P> Tue, 21 Jul 2020 11:35:43 GMT https://community.cisco.com/t5/network-security/issues-with-vpn-configuration/m-p/4122553#M1072172 cjones615 2020-07-21T11:35:43Z