08-08-2016 10:06 PM
ASA 9.2
Local VPN: 1.1.1.1
Remote network: 10.10.10.10; I need to do U-turn NAT for this public IP
Client: Cisco AnyConnect
RADIUS server: radius01.xxx.com
VPN address pool: 20.20.20.0/23
There is no split tunnel; we need to allow full tunnel.
The challenges here for me are the U-turn NAT and the RADIUS server, since they have given an FQDN instead of an IP.
08-09-2016 01:11 AM
Hello,
Is this what you are looking for? (Why are you not using a private RFC 1918 range for the pool?)
object network VPN-POOL
 subnet 20.20.20.0 255.255.254.0
nat (OUTSIDE,OUTSIDE) after-auto source dynamic VPN-POOL interface
same-security-traffic permit intra-interface
If you have an outgoing ACL on the OUTSIDE interface, you need to add to the ACL:
object network FQDN-RADIUS-SERVER
 fqdn radius-server.com
access-list OUTSIDE-OUT extended permit <proto> object VPN-POOL object FQDN-RADIUS-SERVER eq <port>
You should see the resolved IPs in the ACL, built dynamically.
If not, make sure the ASA has DNS access:
dns domain-lookup OUTSIDE
dns server-group DefaultDNS
 name-server 8.8.8.8
 name-server 8.8.4.4
//Cristian
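Putting the reply together with the values from the original question, as an added example that is not part of either post: it assumes the outside interface is named OUTSIDE, that the RADIUS server listens on UDP/1812, that VPN clients themselves need to reach the RADIUS FQDN through the full tunnel (as the reply reads the question), and that the pool name ANYCONNECT-POOL and object name REMOTE-PUBLIC-HOST are free to use. The show and packet-tracer commands at the end are the checks a practitioner would run after applying it.

```cisco
! Added example (not from the original posts). Assumed names: OUTSIDE, ANYCONNECT-POOL,
! REMOTE-PUBLIC-HOST; assumed RADIUS port UDP/1812.

! AnyConnect address pool from the question (20.20.20.0/23)
ip local pool ANYCONNECT-POOL 20.20.20.1-20.20.21.254 mask 255.255.254.0

! Required for hairpinning: traffic that enters and leaves on the same interface
same-security-traffic permit intra-interface

! Objects: the VPN pool, the remote public host, and the RADIUS server by FQDN
object network VPN-POOL
 subnet 20.20.20.0 255.255.254.0
object network REMOTE-PUBLIC-HOST
 host 10.10.10.10
object network FQDN-RADIUS-SERVER
 fqdn radius01.xxx.com

! U-turn NAT: VPN client traffic that leaves via OUTSIDE again is PATed to the
! OUTSIDE interface address (after-auto places the rule in section 3, so it does
! not shadow existing auto NAT rules)
nat (OUTSIDE,OUTSIDE) after-auto source dynamic VPN-POOL interface

! DNS must be reachable for the FQDN object to resolve
dns domain-lookup OUTSIDE
dns server-group DefaultDNS
 name-server 8.8.8.8
 name-server 8.8.4.4

! Only needed if an ACL is applied outbound on OUTSIDE
access-list OUTSIDE-OUT extended permit udp object VPN-POOL object FQDN-RADIUS-SERVER eq 1812
access-list OUTSIDE-OUT extended permit ip object VPN-POOL object REMOTE-PUBLIC-HOST
access-group OUTSIDE-OUT out interface OUTSIDE

! Verification
show dns-hosts                      ! radius01.xxx.com should appear with a resolved address
show access-list OUTSIDE-OUT        ! the FQDN entry expands to the resolved IP(s)
show nat detail                     ! the (OUTSIDE,OUTSIDE) rule with its hit count
show xlate                          ! PAT entries for 20.20.20.x -> interface address
packet-tracer input OUTSIDE tcp 20.20.20.5 40000 10.10.10.10 443
```

If `show access-list` shows the FQDN entry without any resolved address, fix DNS first (the `dns domain-lookup` interface must be able to reach the name servers); the ACL entry does not match anything until the name resolves. The packet-tracer run should end with the NAT phase showing the translation to the interface address and the result ALLOW; a DROP at the NAT or ACL phase points to the rule that needs attention.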
08-09-2016 02:13 AM
Hi, well, I want to do U-turn NAT with a public IP range, 10.1.0.1 (just for example).