groupedlsi
Beginner

Need advice: NAT exemption with RA VPN

Hello,

I just created a remote access VPN on my ASA5510 "8.4(2)8". But I'm not sure the exception for the NAT is correct; it's working, but it's more about the security (with the old version I used explicit exception rules).

On the LAN side there is a subnet (192.168.254.0/24) which is using dynamic NAT for internet access.

The network for remote access for VPN users is the following: 172.17.0.0/24.

When the VPN users try to reach the subnet 192.168.254.0/24, they get the reverse path failure error.

So I have added the following nat rule before the dynamic rule for internet access:

nat (inside,outside) source static mysubnet mysubnet destination static RA_VPN_Network RA_VPN_Network

Is it correct? No security hole?

Accepted Solutions
varrao
Advocate

This is absolutely correct and this is what you'll need. This was called NAT exemption in the pre-8.3 codes, and you need it for passing the traffic without NATting on the ASA.

Hope this helps

Thanks,

Varun

Thanks,
Varun Rao
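
The rule discussed above in context, as an added example that is not part of the original thread or the poster's configuration. The object names come from the post; the object definitions, the form of the dynamic PAT rule, the test addresses and ports, and the names RA_VPN_FILTER and RA_GroupPolicy are assumptions.

```cisco
! Added example. Object names are from the post; subnets are the ones the
! poster states. Everything marked "assumed" is not from the thread.
object network mysubnet
 subnet 192.168.254.0 255.255.255.0
object network RA_VPN_Network
 subnet 172.17.0.0 255.255.255.0
!
! Identity (twice) NAT: traffic between the LAN and the VPN pool is left
! untranslated. Manual NAT rules are evaluated in order, so this line must
! sit above the dynamic rule, as the poster did. It only affects traffic
! whose destination is the VPN pool; it does not permit or deny anything.
nat (inside,outside) source static mysubnet mysubnet destination static RA_VPN_Network RA_VPN_Network
!
! Assumed form of the existing dynamic PAT rule for internet access.
nat (inside,outside) source dynamic mysubnet interface
!
! Access control is separate from NAT. With the default
! "sysopt connection permit-vpn", decrypted VPN traffic bypasses interface
! ACLs, so restrictions for VPN users go in a vpn-filter on the group policy.
! In a vpn-filter ACL the remote (VPN client) network is the source.
! Assumed ACL name, group-policy name and permitted service:
access-list RA_VPN_FILTER extended permit tcp 172.17.0.0 255.255.255.0 192.168.254.0 255.255.255.0 eq 3389
group-policy RA_GroupPolicy attributes
 vpn-filter value RA_VPN_FILTER
!
! Checks (exec mode). Constructed test flow: LAN host to a VPN pool address.
! The packet-tracer NAT phase should show the identity rule being hit,
! not the dynamic rule.
show nat detail
show running-config all sysopt
packet-tracer input inside tcp 192.168.254.10 12345 172.17.0.10 3389
```

The identity NAT rule answers the translation question only; what VPN users can actually reach on 192.168.254.0/24 is decided by the vpn-filter or interface ACLs, which is where to look when reviewing exposure.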

Big thanks for this fast answer!
