Dear all,
I lost site to site vpn connectivity to one of remote office server from my office network after configured a static nat for public access for this server.
It seems static nat is preferred over nat0 (vpn) hence i cannot access server over vpn. if i remove the static nat then i can reach the server thru vpn.
Here is the config i have in remote asa.
Nat 0
-----
nat (INSIDE,OUTSIDE) source static LOCATION-A LOCATION-A destination static LOCATION-B LOCATION-B no-proxy-arp route-lookup
object-group network LOCATION-A
network-object 10.11.40.0 255.255.255.0
network-object 10.40.1.0 255.255.255.0
network-object 10.11.41.0 255.255.255.0
network-object 10.11.42.0 255.255.255.0
network-object 10.40.5.0 255.255.255.0
network-object 10.11.43.0 255.255.255.0
object-group network LOCATION-B
network-object 10.10.6.0 255.255.255.0
network-object 10.10.9.0 255.255.255.0
network-object host 10.10.2.200
route MANGMNT 10.11.43.0 255.255.255.0 10.11.40.254 1
Static nat
---------
object network TEST-SERVER
host 10.11.43.1
nat(MANGMNT,OUTSIDE) static 18.*.*.*
Version
=======
Cisco Adaptive Security Appliance Software Version 9.2(3)4
Device Manager Version 7.4(3)
Will the below nat give preference(put Nat0 on top of static nat) for NAT0 over static nat. please guide me. thanks for your response.
nat (INSIDE,OUTSIDE) 1 source static LOCATION-A LOCATION-A destination static LOCATION-B LOCATION-B no-proxy-arp route-lookup
Thanks