Solved: Re: Change Interfaces - Page 2

laurabolda · ‎04-26-2010

I setup port 0 as an Inside interface and port 1 as an Outside interface. I would like to switch them (port 0 = outside, port 1 = inside). Do I connect to the ASA through the Console Port or Management Port to make this change? I was connecting through SSH and ASA did not allow me to save this change. Thanks.

laurabolda · ‎04-28-2010

Federico,

I am sorry for not getting back to you sooner. I had several production problems yesterday. All my VPN groups have been setup for split-tunneling. I see networks under statistics. I have removed nat (Outside) statement. Just wondering if had nat (Outside) statement, would it affect anything? Would it affect performance? But, I am glad that I ask the question.

Thanks.

Laura

Federico Coto Fajardo · ‎04-28-2010

Laura,

The only reason that you would possibly need the command:

nat (Outside) 1 192.168.101.0 255.255.255.0

is in case you want to do NAT for the VPN pool when going out another interface.

The most clear example, is when you want the ASA to provide Internet access to the VPN clients.

So, the VPN clients connect to the ASA (sending all traffic = without split-tunneling) and the ASA translates the connections to the outside interface to re-route the traffic backout the outside interface.

If this is not the case (since you're using split-tunneling and therefore not sending the Internet traffic from the VPN clients to the ASA), there's no reason to have that command in your configuration.

Hope it helps.

Federico.

laurabolda · ‎04-28-2010

Federico,

Thanks very much for taking time to explain to me about the NAT (Outside) statement. I have removed it since we setup Split-tunneling for all the groups.

Again, I want to thank you for taking time to help solving my problems and explaining technical questions.

Laura

Federico Coto Fajardo · ‎04-28-2010

Laura,

You're very much welcome and thank you for the ratings.

Cheers ;-)

Federico.