02-12-2021 07:48 AM - edited 02-12-2021 08:11 AM
Hi All,
I would like to know if this is possible:
10.10.0.0/24 ------- (Internal Network) VPS Server 192.168.200.2(Cisco Anyconnect Client) ------- 192.168.200.1 Cisco ASA ------- 172.16.0.0/24
Based on the diagram, I would like for 10.10.0.0/24 to communicate (behind Cisco Anyconnect VPN Client) to 172.16.0.0/24 (Behind Cisco ASA (Inside)).
What I am currently doing is doing a NAT from 10.10.0.0/24 then I will NAT the traffic to 172.16.0.0/24 via 192.168.200.2.
I would like to change this setup, since 172.16.0.0/24 is only seeing 192.168.200.2 because 10.10.0.0/24 is undergoing NAT.
What I want is for 172.16.0.0/24 to be able to see 10.10.0/24. What do I need to consider for this setup?
The current scenario does not allow IPsec site-to-site VPN. That is why I am thinking of doing the routing via Cisco AnyConnect SSL VPN.
Thanks!
02-17-2021 01:37 PM
Hello,
Is the AnyConnect the default gateway for this connection?
Please send the NAT configuration for this scenario. I think a simple "no nat" can solve this issue if the subnets don't overlap in the network path.
Regards,
Fernando
02-18-2021 04:47 AM
Hi Fernando,
My plan is for
10.10.0.0/24 the gateway will be 192.168.200.2 (Anyconnect Subnet) to reach Cisco inside network 172.16.0.0/24.
I am still new to Cisco ASA and still want to know if the solution is possible.
The configs below were added.
Added route to 10.10.0/24
route outside 10.10.10.0 255.255.255.0 192.168.200.2 1
How could I disable NAT?
Thanks!