Re: Configuring NAT for webvpn traffic.

Sagarphadatare44 · ‎11-21-2018

Hi All,

Need your urgent help.

We have configured webvpn on ASA. Users are able to login to the portal but they are not able to access any of the bookmarks.

One thing I want to understand is, how to NAT users Source IP with Internal interface IP of the ASA.

Because we have created rules in backend firewall for Internal interface IP of ASA and if traffic doesn't get NATed on ASA it will have actual public IP as source IP which be blocked by backend firewall.

Can anyone help me with the details that where and how should I do NAT configuration in ASDM/CLI?

Shakti Kumar · ‎11-21-2018

hi,

There is no concept of NAT with webvpn.

ASA acts as a proxy, so for a connection to an Internal server, the server would be seeing the inside IP address of the ASA assuming that the server is connected via inside interface.

Thanks
Shakti

Sagarphadatare44 · ‎11-21-2018

Thanks Shakti,

So that means ASA by default does the NATing and connects to backend server with its own inside interface IP?

In this case I need to only allow inside interface IP for destination in back firewall.

Is it right understanding?

---

Regards,
Sagar Phadatare

Shakti Kumar · ‎11-22-2018

hi,

Well NAT'ing is not the right word here, ASA does a proxy with it's own IP address.

Yes, you need to permit the INSIDE IP address of the ASA.

PS:- Please mark the answer correct if it is helpful

Thanks,

Shakti