04-29-2024 11:52 AM - edited 04-29-2024 11:58 AM
Can you still do NAT 0 to get AnyConnect clients direct access to IPsec tunnels that originate on the ASA?
Got AnyConnect clients on the outside interface, trying to get to tunnels also on the outside interface.
nat (outside) 0 access-list outside_nat0
nat (outside) 10.250.250.0 255.255.254.0
access-list outside_nat0 extended permit ip 10.249.248.0 255.255.254.0 172.23.17.0 255.255.255.0
Can I use an ASA object group that contains IP ranges for my endpoint networks?
access-list outside_nat0 extended permit ip 10.249.248.0 255.255.254.0 Ext-Ipsec-SubNets
Or do I have to list them (20) line by line in the ACL?
04-29-2024 02:11 PM
Guess the better question is: how do I, in ASA 9.x code, allow the AnyConnect clients on the outside interface direct access to the IPsec site-2-site tunnels on the same outside interface?
04-29-2024 02:19 PM - edited 04-29-2024 02:19 PM
This NAT is not for ASA 9.0, it is for 8.0. Are you sure it is 9.0?
MHM
04-29-2024 02:23 PM
Running 9.1.x.x ASA code, wanting to do a NAT 0 to allow AnyConnect on the outside interface to connect to IPsec site-to-site tunnels on the same outside interface.
04-30-2024 05:43 AM
I agree with @MHM Cisco World, the NAT commands you shared would not be supported on the ASA 9.x code. If you want to allow AnyConnect traffic to be sent out of the outside interface, then you would need to create a couple of network objects, one for the remote destination subnet and one for the AnyConnect subnet, and then you would need to create a NAT exemption rule on the ASA. The AnyConnect subnet would also need to be added to the encryption domains for that IPsec tunnel. Example:
object network REMOTE
subnet 192.168.1.0 255.255.255.0
object network ANYCONNECT
subnet 172.16.1.0 255.255.255.0
nat (outside,outside) source static ANYCONNECT ANYCONNECT destination static REMOTE REMOTE
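The object-group question from the first post, worked through in 9.x syntax as an added example (not part of any reply in the thread). It assumes 10.249.248.0/23 is the AnyConnect pool, as in the posted ACL; the object name ANYCONNECT-POOL, the ACL name S2S-PEER1-CRYPTO and the 192.0.2.0/24 entry are hypothetical placeholders.

```cisco
! Added example; names marked (hypothetical) are assumptions, not from the thread.
! Let traffic enter and leave the same interface (VPN hairpin on outside).
same-security-traffic permit intra-interface
!
! AnyConnect pool (hypothetical object name; subnet taken from the posted ACL).
object network ANYCONNECT-POOL
 subnet 10.249.248.0 255.255.254.0
!
! One object-group for the remote tunnel networks instead of one ACL line each.
object-group network Ext-Ipsec-SubNets
 network-object 172.23.17.0 255.255.255.0
 ! constructed placeholder for the remaining site networks
 network-object 192.0.2.0 255.255.255.0
!
! Manual (twice) NAT accepts an object-group as the destination, so a single
! exemption rule covers every member of the group.
nat (outside,outside) source static ANYCONNECT-POOL ANYCONNECT-POOL destination static Ext-Ipsec-SubNets Ext-Ipsec-SubNets no-proxy-arp route-lookup
!
! Each tunnel's crypto ACL (hypothetical name) still needs the pool paired with
! only that peer's networks; the remote peer must mirror the entry.
access-list S2S-PEER1-CRYPTO extended permit ip object ANYCONNECT-POOL 172.23.17.0 255.255.255.0
```

Keep the group limited to networks that AnyConnect users are meant to reach, since every member becomes reachable through the hairpin. `show nat detail` shows whether the exemption rule is taking hits.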