cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
459
Views
0
Helpful
18
Replies
Beginner

Re: Change Interfaces

Federico,

I am sorry for not getting back to you sooner.  I had several production problems yesterday.  All my VPN groups have been setup for split-tunneling.  I see networks under statistics.  I have removed nat (Outside) statement.  Just wondering if had nat (Outside) statement, would it affect anything?  Would it affect performance?  But, I am glad that I ask the question.

Thanks.

Laura

Highlighted

Re: Change Interfaces

Laura,

The only reason that you would possibly need the command:

nat (Outside) 1 192.168.101.0 255.255.255.0

is in case you want to do NAT for the VPN pool when going out another interface.

The most clear example, is when you want the ASA to provide Internet access to the VPN clients.

So, the VPN clients connect to the ASA (sending all traffic = without split-tunneling) and the ASA translates the connections to the outside interface to re-route the traffic backout the outside interface.

If this is not the case (since you're using split-tunneling and therefore not sending the Internet traffic from the VPN clients to the ASA), there's no reason to have that command in your configuration.

Hope it helps.

Federico.

View solution in original post

Highlighted
Beginner

Re: Change Interfaces

Federico,

Thanks very much for taking time to explain to me about the NAT (Outside) statement.  I have removed it since we setup Split-tunneling for all the groups.

Again, I want to thank you for taking time to help solving my problems and explaining technical questions.

Laura

Highlighted

Re: Change Interfaces

Laura,

You're very much welcome and thank you for the ratings.

Cheers ;-)

Federico.