IPSec VPN (Remote Access VPN) - Dynamic NAT

Hello Dear Group

I have an ASA 5510 configured for Remote Access VPN. The ASA authenticates remote clients with a RADIUS server (accounting software) and will assign an IP address from the VPN pool (172.16.20.0/24). The whole authentication process with the RADIUS server is successful, but there is no Internet browsing on the client side. I have configured a Dynamic NAT rule on the ASA outside interface, as written below:

Interface : Outside

Source : VPN-Users Object (Address Pool 172.16.20.0/24)

Translate to Outbound interface.

The NAT rule above doesn't work. (I think traffic is not returning to the VPN pool address via the outside interface.)

Note: these VPN users have to access the Internet only (because of that, the pool address range is different from the inside network interface).

It would be a favor if you could help me with how to NAT.

Thank You

Best Regards

Accepted Solution

Jouni Forss
VIP Alumni

Hi,

Would really need to see your current NAT configurations in CLI format to determine the problem.

Naturally the problem might be as simple as missing the following command on the ASA:

same-security-traffic permit intra-interface

This command is required on the ASA for traffic to come through an interface and leave through the same interface. In your case this interface would be the "Outside", as the VPN Client traffic is coming to the ASA through that interface and is trying to leave through that interface towards the Internet.

- Jouni
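
The hairpin setup discussed in this thread, as an added example (not part of the original posts and not the poster's running configuration). The interface name outside and the pool 172.16.20.0/24 are taken from the question; the object name VPN-POOL and the group-policy name RA-VPN-POLICY are hypothetical, and the tunnel-all setting is an assumption about how the clients are meant to reach the Internet.

```cisco
! Added example: constructed configuration, ASA software 8.3 or later.

! Allow traffic to enter and leave the same interface (hairpin / U-turn).
! Without this the ASA drops the decrypted client traffic that arrives on
! outside and is routed back out of outside.
same-security-traffic permit intra-interface

! Dynamic PAT for the VPN pool. Both the real and the mapped interface are
! "outside", because that is where the VPN clients enter and where their
! Internet-bound traffic leaves. VPN-POOL is a hypothetical object name.
object network VPN-POOL
 subnet 172.16.20.0 255.255.255.0
 nat (outside,outside) dynamic interface

! Pre-8.3 equivalent of the PAT rule above (legacy nat/global syntax):
!   nat (outside) 1 172.16.20.0 255.255.255.0
!   global (outside) 1 interface

! Assumption: clients send all traffic into the tunnel, so Internet access
! passes through the ASA. RA-VPN-POLICY is a hypothetical group-policy name.
group-policy RA-VPN-POLICY attributes
 split-tunnel-policy tunnelall

! Checks after a client connects and browses:
!   show running-config same-security-traffic   (command is present)
!   show nat detail                             (hit counts on the PAT rule)
!   show xlate                                  (172.16.20.x mapped to the outside address)
```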


2 Replies

Thank You