Solved: ASA strange code (for Anyconnect?). Please explain...

jmaxwellUSAF · ‎01-05-2023

May you please explain the relevance of this code, perhaps for the Anyconnect logic?...

object network VPN-Pool
nat (Outside,Outside) dynamic interface

...and this...

nat (Outside,Outside) source static VPN-Pool VPN-Pool destination static VPN-Pool VPN-Pool no-proxy-arp route-lookup

Thank you!

Rob Ingram · ‎01-05-2023

@jmaxwellUSAF

object network VPN-Pool
nat (Outside,Outside) dynamic interface

This allows full tunnel anyconnect RAVPN user traffic that is routed back to the ASA to be natted, to access the internet.

nat (Outside,Outside) source static VPN-Pool VPN-Pool destination static VPN-Pool VPN-Pool no-proxy-arp route-lookup

NAT Exemption rule, that allows anyconnect VPN-Pool networks to communicate with each other - without unintentially being translated. Essentially, this NAT rule is translating VPN-Pool network to itself.

View solution in original post

Rob Ingram · ‎01-05-2023

@jmaxwellUSAF

object network VPN-Pool
nat (Outside,Outside) dynamic interface

This allows full tunnel anyconnect RAVPN user traffic that is routed back to the ASA to be natted, to access the internet.

nat (Outside,Outside) source static VPN-Pool VPN-Pool destination static VPN-Pool VPN-Pool no-proxy-arp route-lookup

NAT Exemption rule, that allows anyconnect VPN-Pool networks to communicate with each other - without unintentially being translated. Essentially, this NAT rule is translating VPN-Pool network to itself.