09-21-2011 02:44 AM - edited 03-11-2019 02:28 PM
Hello,
I just created a remote access VPN on my ASA5510 "8.4(2)8", but I'm not sure the NAT exception is correct. It's working, but my concern is more about security (with the old version I used explicit exception rules).
On the LAN side there is a subnet (192.168.254.0/24) that uses dynamic NAT for internet access.
The network for remote access VPN users is 172.17.0.0/24.
When VPN users tried to reach the subnet 192.168.254.0/24, they got the reverse path failure error.
So I added the following NAT rule before the dynamic rule for internet access:
nat (inside, outside) source static mysubnet mysubnet destination static RA_VPN_Network RA_VPN_Network
Is it correct? No security hole?
09-21-2011 02:47 AM
This is absolutely correct and this is what you'll need. This was called NAT exemption in the pre-8.3 code, and you need it for passing the traffic without NATting on the ASA.
Hope this helps
Thanks,
Varun
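The rule discussed above in context, as an added example that is not part of the original thread and not the poster's running configuration. The object names and subnets come from the question; the form of the dynamic internet rule, the explicit line number 1 and the two host addresses used for verification are assumptions.

```cisco
! Objects named in the thread, with the subnets the poster gave.
object network mysubnet
 subnet 192.168.254.0 255.255.255.0
object network RA_VPN_Network
 subnet 172.17.0.0 255.255.255.0
!
! Identity (twice) NAT: mysubnet keeps its real address, but only when the
! destination is the VPN pool. The "destination static" pair is what limits
! the exemption; traffic to any other destination does not match this rule.
! The "1" (assumed here) inserts it at the top of the manual NAT section so
! it is evaluated before the dynamic rule.
nat (inside,outside) 1 source static mysubnet mysubnet destination static RA_VPN_Network RA_VPN_Network
!
! Assumed form of the existing internet access rule, left below the exemption.
nat (inside,outside) source dynamic mysubnet interface
!
! Verification from privileged EXEC mode.
! Confirm the static rule is listed above the dynamic rule and check hit counts:
show nat detail
! Trace a constructed flow from a LAN host to a VPN pool address; the NAT
! phase should report the identity rule with the address left untranslated:
packet-tracer input inside icmp 192.168.254.10 8 0 172.17.0.10 detailed
```

The exemption only stops translation; whether VPN users may reach a given host or port on 192.168.254.0/24 is still decided by the VPN filter or access lists applied to that traffic.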
09-21-2011 03:18 AM
Big thanks for this fast answer!