Need advice: NAT exemption with RA VPN

groupedlsi
Level 1

Hello,

I just created a remote access VPN on my ASA5510 "8.4(2)8". But I'm not sure the exception for the NAT is correct; it's working, but it's more about the security (with the old version I used explicit exception rules).

On the LAN side there is a subnet (192.168.254.0/24) that uses dynamic NAT for internet access.

The network for remote access VPN users is the following: 172.17.0.0/24.

When the VPN users tried to reach the subnet 192.168.254.0/24, they got the reverse path failure error.

So I have added the following nat rule before the dynamic rule for internet access:

nat (inside, outside) source static mysubnet mysubnet destination static RA_VPN_Network RA_VPN_Network

Is it correct? No security hole?

Accepted Solutions

varrao
Level 10

This is absolutely correct and this is what you'll need. This was called NAT exemption in the pre-8.3 code, and you need it for passing the traffic without NATing on the ASA.

Hope this helps

Thanks,

Varun

Thanks,
Varun Rao

Big thanks for this fast answer!
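
An added example, not part of the original thread and not Cisco tooling: a Python check of the two properties the question turns on, that the identity NAT rule is scoped to the VPN pool by a destination clause and that it sits before the dynamic rule. The object names come from the post; the dynamic PAT line and the function names are assumptions.

```python
import re

# Manual (twice) NAT line in ASA 8.3+ syntax. Only the forms seen in this
# thread are handled: source static/dynamic with an optional static destination.
NAT_RE = re.compile(
    r"^nat \((?P<real_if>[^,\s]+),\s*(?P<mapped_if>[^)\s]+)\)\s+source\s+"
    r"(?P<kind>static|dynamic)\s+(?P<real>\S+)\s+(?P<mapped>\S+)"
    r"(?:\s+destination\s+static\s+(?P<dst_mapped>\S+)\s+(?P<dst_real>\S+))?"
)

def parse_nat(config):
    """Return manual NAT rules in configuration order (first match wins on the ASA)."""
    matches = (NAT_RE.match(line.strip()) for line in config.splitlines())
    return [m.groupdict() for m in matches if m]

def audit_exemption(config, inside_obj, vpn_obj):
    """List problems with the identity NAT rule from inside_obj to vpn_obj."""
    rules, findings, exempt_idx = parse_nat(config), [], None
    for i, r in enumerate(rules):
        if not (r["kind"] == "static" and r["real"] == r["mapped"] == inside_obj):
            continue
        if r["dst_real"] is None:
            findings.append(f"rule {i + 1}: identity NAT has no destination clause")
        elif r["dst_real"] == r["dst_mapped"] == vpn_obj and exempt_idx is None:
            exempt_idx = i
    if exempt_idx is None:
        return findings + [f"no identity NAT from {inside_obj} to {vpn_obj}"]
    for i, r in enumerate(rules[:exempt_idx]):
        if r["kind"] == "dynamic" and r["real"] == inside_obj:
            findings.append(f"rule {i + 1}: dynamic NAT precedes the exemption")
    return findings

# Constructed sample configurations; the dynamic PAT line is an assumption,
# the thread does not show the poster's actual internet-access rule.
EXEMPT = ("nat (inside,outside) source static mysubnet mysubnet "
          "destination static RA_VPN_Network RA_VPN_Network")
DYNAMIC = "nat (inside,outside) source dynamic mysubnet interface"
UNSCOPED = "nat (inside,outside) source static mysubnet mysubnet"

if __name__ == "__main__":
    for name, cfg in [("as posted", [EXEMPT, DYNAMIC]),
                      ("wrong order", [DYNAMIC, EXEMPT]),
                      ("unscoped", [UNSCOPED, DYNAMIC])]:
        print(name, audit_exemption("\n".join(cfg), "mysubnet", "RA_VPN_Network"))
```

An empty list means the exemption is present, limited to the VPN pool, and ordered ahead of the dynamic rule for the same source object.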
