Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
180
Views
0
Helpful
1
Replies

CIsco ASA 5506x Lan 2 Lan VPN with Inside network NAT'ed

steve.boyce
Level 1
Level 1

‎12-06-2016 04:22 AM

Hi,

I need to NAT multiple internal subnets on my ASA to a single /24 subnet which has ben specified as my encryption domain for access a remote VPN

I have the following objects configured at the moment and it works for one of my internal subnets 10.122.12.0 but i am unable to add others

I have tried changing the subnet masks to include more of my internal address space but it doesnt work and I am unable to add additional

subnets under my NAT-Source-Real object?

Object network NAT DESTINATION

subnet 10.201.0.0 255.255.0.0

Object network NAT Source-mapped

subnet 192.168.240.0 255.255.255.0 (Encryption domain to remote Checkpoint VPN)

Object network NAT-Source-Real

subnet 10.122.12.0 255.255.255.0 ( one of my internal network subnets)

Labels:
0 Helpful
1 Reply 1

Karsten Iwen
VIP
VIP

‎12-06-2016 05:36 AM

You need one nat statement for each internal network that is located on a unique interface. But this is also dependent on the rest of your config.

Important here is also that each object only has one element. If you want to specify more than one element, you need to configure object-groups.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents