01-26-2017 11:01 AM
Hello All,
I have a Cisco ASA 5550 that I have all my static routes set up on and everything seems to work just fine. The issue I am having is with NAT and my AnyConnect VPN clients needing a NAT statement in order to go from an Internal Pool address into my network. The minute I take the NAT statement out, even though I have given them access to the network, communication stops.
Here is what I have:
Client IP Pool: 192.168.209.0/24
Inside Network: 10.0.0.0/18
I have set up an access list saying access-list VPN_Access extended permit ip 192.168.209.0/24 10.0.0.0/18.
I have also set up a split-tunnel to have access to the network (10.0.0.0/18).
Am I doing something incorrectly? Is it because it has nowhere to route? I didn't add a static route for these addresses unless it was from the inside going out.
Hopefully this wasn't too confusing.
Thanks,
01-26-2017 11:04 AM
More than likely, it is a NAT statement saying "not to do NAT" that you need.
01-26-2017 11:06 AM
When I remove the NAT statement saying to go from my internal to the VPN IP Pool, I get no more connectivity. I add it back and it works again.
01-26-2017 11:09 AM
I don't understand your problem. You need the NAT statement. It is working.
01-26-2017 11:11 AM
I guess my biggest question is, why do I need it? Can I set a route on my L3 switch so that the traffic knows where to go? It is just a different IP address space as far as anything is concerned. It is tunneled into my whole network. I guess I just don't understand why a NAT statement.
01-27-2017 11:50 AM
Do you have any ideas on this?