NAT subnet to Network Object Group

Can someone help me please? I am rusty with VPN and Natting.

Scenario: I need to split tunnel my internal network. NAT traffic from 192.168.0.0/24 to 192.168.88.0/24 only when establishing a VPN connection for objects that I have defined in a specific Network Object Group (Group1Servers). Traffic destined for the internet does not get this 88 NAT, it will remain at default.

ASA5506-X, ASDM 7.5, ASA 9.5

Accepted Solutions

Diego Lopez
Level 1

Hello,

You can configure a static policy NAT to translate 192.168.0.0/24 to 192.168.88.0/24 when the destination is Group1Servers. The CLI commands will be:

Create objects for 192.168.0.0/24 and 192.168.88.0/24:

object network obj-192.168.0.0
 subnet 192.168.0.0 255.255.255.0

object network obj-192.168.88.0
 subnet 192.168.88.0 255.255.255.0

NAT statement:

nat (inside,outside) source static obj-192.168.0.0 obj-192.168.88.0 destination static Group1Servers Group1Servers

You can refer to this documentation for NAT configuration:

https://supportforums.cisco.com/document/33921/asa-pre-83-83-nat-configuration-examples

Since this traffic is going over a site-to-site tunnel, remember that the interesting traffic needs to be configured with the translated network "192.168.88.0/24", not the real one. That's a common mistake, so just keep that in mind.

Regards, please rate.


2 Replies

Perfect. I made your common mistake. Thanks for the guidance.