Hi,
I have a Cisco ASA on which my company internet is running.
nat (INSIDE) 1 access-list NAT
global (OUTSIDE) 1 44.4.4.4
access-list NAT extended permit ip 10.0.0.0 255.0.0.0 any
Now I have to configure an IPSEC VPN on the same ASA.
Over the VPN I have to access destination IP 7.7.7.7 from source IP 10.x.x.x,
so I made:
nat (INSIDE) 2 access-list SONI
global (OUTSIDE) 2 44.4.4.5
access-list SONI extended permit ip 10.0.0.0 255.0.0.0 host 7.7.7.7
Now what is happening is that my traffic is getting PATed to 44.4.4.4 and going to the internet, instead of being PATed to 44.4.4.5 and going to the IPSEC tunnel,
so the tunnel is not establishing.
How can I force the second GLOBAL to activate for my VPN destination 7.7.7.7 and PAT to 44.4.4.5 when I access the destination from my PC on 10.x.x.x?
One solution I can think of is to swap the sequence numbers of NAT and GLOBAL,
like making my internet NAT SEQ 2 and my specific IPSEC one SEQ 1:
nat (INSIDE) 2 access-list NAT
global (OUTSIDE) 2 44.4.4.4
nat (INSIDE) 1 access-list SONI
global (OUTSIDE) 1 44.4.4.5
What other options do I have? I don't want to bust internet traffic, so I want some other seamless option.