topic it was resolved by add a NAT in Network Security

IPSec VPN Tunnel

abdelkarim.yousef — Tue, 12 Mar 2019 07:04:23 GMT

Hi,

I have established an IPSec VPN Connection, and created access list to allow traffic to some internal resources through VPN.

But when I try to allow internet access to an internal resource by using NAT, the VPN to this resource be disconnected.

So I can enable either VPN or internet to the local resource.

I need to enable both. Any help

When you have a VPN with some

Marvin Rhoads — Wed, 23 Dec 2015 18:43:29 GMT

When you have a VPN with some or all of the resources also having a NAT policy, you need to exempt the traffic to / from the remote VPN networks from NAT as you want to keep the true IP address for the traffic flowing through the VPN.

For example: https://supportforums.cisco.com/document/44566/asa-83-nat-exemption-example-basic-l2l-vpn-and-basic-ra-vpn

What hardware and software versions are you using? We can provide some more specific sample configurations if you provide that information.

ASA 5520

abdelkarim.yousef — Thu, 24 Dec 2015 05:47:17 GMT

ASA 5520

Cisco Adaptive Security Appliance Software Version 8.3(1)

internal network 192.168.0.0/24

VPN Client with split tunnel

access-list VPN line 1 extended permit tcp any host 192.168.0.216 eq 90

So when a user opens a vpn connection, he can reach host 192.168.0.216 on port 90.

but when we add a nat rule to allow internet access for host 192.168.0.216, the vpn connection to this host be unreachable.

object network host1

host 192.168.0.216

nat (inside2,outside) dynamic interface

it was resolved by add a NAT

abdelkarim.yousef — Thu, 24 Dec 2015 06:26:43 GMT

it was resolved by add a NAT Exemption:

nat (inside,outside) source static NETWORK_OBJ_local NETWORK_OBJ_local destination static NETWORK_OBJ_VPNPool NETWORK_OBJ_VPNPool

Great. Please mark your

Marvin Rhoads — Thu, 24 Dec 2015 13:59:03 GMT

Great. Please mark your question as answered if it has been.