
Invisible NAT rules (twice NAT) added in 8.3 for VPN??!?

golly_wog
Level 1

People,

Can anyone shed any light on the following for me?

Note: If you configure VPN, the client dynamically adds invisible NAT rules to the end of this section. Be sure that you do not configure a twice NAT rule in this section that might match your VPN traffic, instead of matching the invisible rule. If VPN does not work due to NAT failure, consider adding twice NAT rules to section 3 instead.

This is from http://www.cisco.com/en/US/docs/security/asa/asa83/asdm63/configuration_guide/nat_overview.html#wp1118157

Thanks.

2 Replies

golly_wog
Level 1

What I'd like to know is, where in the order of NAT rules is this inserted?

From my very limited experience, this did not work with a previously configured (twice/manual) NAT rule, so I can only presume that it's added as a new rule, but if you have any previous rules you need to manually specify these...?

https://supportforums.cisco.com/message/3370889#3370889

Many thanks

bperkic
Level 1

Hello,

I would also like to know what this "invisible NAT rules" part means, and what "If you configure VPN" exactly means. What kind of VPN, L2L or RA? How is VPN configuration related to these "invisible NAT rules", i.e. what part of the VPN configuration causes these NAT rules to be added, and how? Why are these rules "invisible" after all?

Thanks
