ASA NAT for Remote VPN to Internet (Specific)

rob1456657
Level 1

I'm hoping I can explain this clearly enough. I have a remote site with a site-to-site tunnel. From the Home Office and the remote site, we are allowing a split tunnel, but we need to tunnel a specific external site via the home office.

The IP Scope for this particular external entity is already defined in the Tunnel groups, so we know that traffic from the remote site headed for xyz.com is going through the tunnel. At the head office, we can see that clients from the remote site are attempting to access the site, but our NAT rule is not working correctly.

Has anyone configured such access and made it work?

The NAT rule on the head office side should be something like this:

nat (outside,outside) source dynamic REMOTE-SITE interface destination static EXTERNAL-SITE

However, this is not working. When I watch the logs on the head office ASA, I see the remote client going through, but the connection times out.

I know I am missing something simple. I hope someone can help. Thanks in advance!
