Hi everyone,
I have config RA Full tunnel VPN.
sh nat shows
3 (outside) to (outside) source dynamic any interface
translate_hits = 10887, untranslate_hits = 2843
sh xlate shows
NAT from outside:0.0.0.0/0 to outside:0.0.0.0/0
flags sIT idle 20:04:31 timeout 0:00:00
TCP PAT from outside:10.0.0.51/64361 to outside:192.168.1.171/64361 flags ri idl e 0:00:12 timeout 0:00:30
TCP PAT from outside:10.0.0.51/64360 to outside:192.168.1.171/64360 flags ri idl e 0:00:12 timeout 0:00:30
TCP PAT from outside:10.0.0.51/64359 to outside:192.168.1.171/64359 flags ri idl e 0:00:12 timeout 0:00:30
TCP PAT from outside:10.0.0.51/64358 to outside:192.168.1.171/64358 flags ri idl e 0:00:12 timeout 0:00:30
TCP PAT from outside:10.0.0.51/64357 to outside:192.168.1.171/64357 flags ri idl e 0:00:12 timeout 0:00:30
TCP PAT from outside:10.0.0.51/64356 to outside:192.168.1.171/64356 flags ri idl e 0:00:12 timeout 0:00:30
TCP PAT from outside:10.0.0.51/64355 to outside:192.168.1.171/64355 flags ri idl e 0:00:12 timeout 0:00:30
TCP PAT from outside:10.0.0.51/64354 to outside:192.168.1.171/64354 flags ri idl e 0:00:12 timeout 0:00:30
TCP PAT from outside:10.0.0.51/64353 to outside:192.168.1.171/64353 flags ri idl e 0:00:12 timeout 0:00:30
TCP PAT from outside:10.0.0.51/64352 to outside:192.168.1.171/64352 flags ri idl e 0:00:12 timeout 0:00:30
TCP PAT from outside:10.0.0.51/64351 to outside:192.168.1.171/64351 flags ri idl e 0:00:13 timeout 0:00:30
TCP PAT from outside:10.0.0.51/64350 to outside:192.168.1.171/64350 flags ri idl e 0:00:13 timeout 0:00:30
TCP PAT from outside:10.0.0.51/64349 to outside:192.168.1.171/64349 flags ri idl e 0:00:13 timeout 0:00:30
TCP PAT from outside:10.0.0.51/64348 to outside:192.168.1.171/64348 flags ri idl e 0:00:13 timeout 0:00:30
UDP PAT from outside:10.0.0.51/59003 to outside:192.168.1.171/59003 flags ri idl e 0:00:12 timeout 0:00:30
TCP PAT from outside:10.0.0.51/64347 to outside:192.168.1.171/64347 flags ri idl e 0:00:14 timeout 0:00:30
TCP PAT from outside:10.0.0.51/64346 to outside:192.168.1.171/64346 flags ri idl e 0:00:11 timeout 0:00:30
TCP PAT from outside:10.0.0.51/64345 to outside:192.168.1.171/64345 flags ri idl e 0:00:15 timeout 0:00:30
TCP PAT from outside:10.0.0.51/64344 to outside:192.168.1.171/64344 flags ri idl e 0:00:15 timeout 0:00:30
TCP PAT from outside:10.0.0.51/64343 to outside:192.168.1.171/64343 flags ri idl e 0:00:15 timeout 0:00:30
TCP PAT from outside:10.0.0.51/64342 to outside:192.168.1.171/64342 flags ri idl e 0:00:15 timeout 0:00:30
TCP PAT from outside:10.0.0.51/64341 to outside:192.168.1.171/64341 flags ri idl e 0:00:15 timeout 0:00:30
TCP PAT from outside:10.0.0.51/64340 to outside:192.168.1.171/64340 flags ri idl e 0:00:15 timeout 0:00:30
TCP PAT from outside:10.0.0.51/64339 to outside:192.168.1.171/64339 flags ri idl e 0:00:18 timeout 0:00:30
TCP PAT from outside:10.0.0.51/64338 to outside:192.168.1.171/64338 flags ri idl e 0:00:18 timeout 0:00:30
TCP PAT from outside:10.0.0.51/64337 to outside:192.168.1.171/64337 flags ri idl e 0:00:18 timeout 0:00:30
UDP PAT from outside:10.0.0.51/58169 to outside:192.168.1.171/58169 flags ri idl e 0:00:17 timeout 0:00:30
TCP PAT from outside:10.0.0.51/64336 to outside:192.168.1.171/64336 flags ri idl e 0:00:18 timeout 0:00:30
UDP PAT from outside:10.0.0.51/54826 to outside:192.168.1.171/54826 flags ri idl e 0:00:17 timeout 0:00:30
UDP PAT from outside:10.0.0.51/53310 to outside:192.168.1.171/53310 flags ri idl
nat (outside,outside) source dynamic any interface
NAT from outside:0.0.0.0/0 to outside:0.0.0.0/0
flags sIT idle 20:04:31 timeout 0:00:00
TCP PAT from outside:10.0.0.51/64361 to outside:192.168.1.171/64361 flags ri idl e 0:00:12 timeout 0:00:30
nat (outside,outside) source dynamic any interface
Need to confirm above config says that we are doing nat from outside to outside and source IP can be any and destination IP can also be any.
Will will do nat -- PAT for outside interface IP address.
And output shown by sh xlate where it says TCP PAT from 10.0.0.51 to outside 192.168.1.171
where IP 10.0.0.51 VPN client
IP 192.168.1.171 is ASA outside interface.
Does this output is generated because we have configured the command "nat (outside,outside) source dynamic any interface"??
Regards
MAhesh
