Solved: Re: Anyconnect NAT issue

peat · ‎09-14-2018

Whilst going through the Anyconnect wizard at the end my setup came up with this error on the NAT command.

[ERROR] nat (inside,WAN) 2 source static PWDHC PWDHC destination static NETWORK_OBJ_10.10.20.0_24 NETWORK_OBJ_10.10.20.0_24 no-proxy-arp route-lookup

[ERROR] nat (inside,WAN) 2 source static PWDHC PWDHC destination static NETWORK_OBJ_10.1 ^0.20.0_24 NETWORK_OBJ_10.10.20.0_24 no-proxy-arp route-lookup

ERROR: % Invalid input detected at '^' marker.

I couldnt work out why this happened as on my testing the anyconnect wizard worked fine. (Although that was just a basic test with 1 pub ip and no bridge interfaces).

I tried changing PWDHC PWDHC to any4 any4 instead but that didnt fix it.

Could it be something to do with 'inside' being BVI1 with 2 ints in it? Should I point the NAT to the physical interface the PWDHC server is physically connected to rather than BVI1?

Cheers

Ben Walters · ‎09-14-2018

You are correct, at this time it is not possible to NAT to BVI interfaces, you can however, create NAT statements for each physical port in the BVI.

Here is another similar thread to what you have setup.

https://community.cisco.com/t5/firewalls/asa-9-9-1-nat-to-single-interface-working-but-nat-to-bvi-gives/td-p/3336139

View solution in original post

Ben Walters · ‎09-14-2018

You are correct, at this time it is not possible to NAT to BVI interfaces, you can however, create NAT statements for each physical port in the BVI.

Here is another similar thread to what you have setup.

https://community.cisco.com/t5/firewalls/asa-9-9-1-nat-to-single-interface-working-but-nat-to-bvi-gives/td-p/3336139

peat · ‎09-14-2018

Thanks.

Doing it to the physical port got it working.