Hi I'm trying to write some NAT rules for my VPN Connections (y.y.y.y) through my Outside interface (x.x.x.x)
to be able to get full access to my internal network (z.z.z.z)
I thought i had the proper NAT going but maybe it's my access rule that doesnt work? I've setup a secured-route to my internal network (z.z.z.z) using the split tunneling for my AnyConnect client (over SSL).
My logs are showing
Asymmetric NAT rules matched for forward and reverse flows; Connection for udp src outside: y.y.y.y dst inside: z.z.z.z denied due to NAT reverse path failure
I've read about Exemption Rules for NATing but what i tried didnt work.
Unfortunately i'm only familiar with the ASDM interface...
My NAT rule (relating to the VPN) looks like this:
| # | Source Intf | Dest Intf | Source | Destination | Service | Source | Destination | Service | Options |
| 1 | outside | inside | y.y.y.y/24 | z.z.z.z/24 | any | -- Original -- | -- Original -- | -- Original -- | No Proxy ARP,Route Lookup |
| 2 | inside | any | z.z.z.z/24 | y.y.y.y/24 | any | -- Original -- | -- Original -- | -- Original -- | No Proxy ARP,Route Lookup |
| 14 | inside | outside | 0.0.0.0/0 | any | any | 0.0.0.0/0 | -- Original -- | -- Original -- | |
My Access Rules (relating to the VPN) look like this
| # | Enabled | Source | User | Destination | Security Group | Service | Action |
| inside (2 incoming rules) |
| 1 | True | any4 | | any4 | | ip | Permit |
| inside (4 outgoing rules) |
| 3 | True | any4 | | any4 | | ip | Permit |
| outside (5 incoming rules) |
| 5 | True | y.y.y.y/24 | | z.z.z.z/24 | | ip | Permit |
Any pointer is appreciated. I had this configuration documented somewhere as it used to work...
But i think it might have had some Exemption Rules which i cant replicate.
