Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
623
Views
0
Helpful
2
Replies

IPSec VPN (Remote Access VPN) - Dynamic NAT

Go to solution
AliYashar Ladani
Level 1
Level 1

‎01-01-2014 04:33 AM - edited ‎02-21-2020 07:25 PM

Hello Dear Group

I have as ASA 5510 is configured for Remote Access VPN, ASA authenticates Remoter Clients with Radius Server (Accounting Software) and will Assigne an IP Address from VPN-Pool (172.16.20.0/24) . All prose in authentiction use with radius server is successful, but there is no any iternet browsing on client side. I have configured a Dynamic NAT Rule on  outside ASA interface as I write in the below :

Interface : Outside

Source : VPN-Users Object (Address Pool 172.16.20.0/24)

Translate to Outbound interface.

the NAT Rule in above doesn't work. ( I think traffice is not returing to VPN POOL Address via outside interface)

Note : this VPN Users have to access to INTERNET only. (because of that the range of pool address is different with Inside Network Interface)

Its a favor if you help me how to NAT .

Thank You

Best Regards

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎01-01-2014 06:42 AM

Hi,

Would really need to see your current NAT configurations in CLI format to determine the problem.

Naturally the problem might be as simple as missing the following command on the ASA

same-security-traffic permit intra-interface

This command is required on the ASA for traffic to come through an interface and leave through the same interface. In your case this interface would be the "Outside" as the VPN Client traffic is coming to the ASA through that interface as is trying to leave through that interface towards the Internet.

- Jouni

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎01-01-2014 06:42 AM

Hi,

Would really need to see your current NAT configurations in CLI format to determine the problem.

Naturally the problem might be as simple as missing the following command on the ASA

same-security-traffic permit intra-interface

This command is required on the ASA for traffic to come through an interface and leave through the same interface. In your case this interface would be the "Outside" as the VPN Client traffic is coming to the ASA through that interface as is trying to leave through that interface towards the Internet.

- Jouni

0 Helpful

Go to solution
AliYashar Ladani
Level 1
Level 1
In response to Jouni Forss

‎02-08-2014 11:27 AM

Thank You

Sent from Cisco Technical Support iPad App

0 Helpful
Customers Also Viewed These Support Documents