Need configuration assistance for client-to-site VPN

ASA 9.2

Local VPN: 1.1.1.1

Remote network: 10.10.10.10 (need to do U-turn NAT for this public IP)

Client: Cisco AnyConnect

RADIUS server: radius01.xxx.com

VPN address pool: 20.20.20.0/23

There is no split tunnel; we need to allow full tunnel.

The challenges here for me are the U-turn NAT and the RADIUS server, for which they have given an FQDN instead of an IP.


Hello,

Is this what you are looking for? (Why are you not using a private RFC 1918 range for the pool?)

object network VPN-POOL
 subnet 20.20.20.0 255.255.254.0
nat (OUTSIDE,OUTSIDE) after-auto source dynamic VPN-POOL interface
same-security-traffic permit intra-interface

If you have an outgoing ACL on the OUTSIDE interface you need to add to the ACL:

object network FQDN-RADIUS-SERVER
 fqdn radius-server.com
access-list OUTSIDE-OUT extended permit <proto> object VPN-POOL object FQDN-RADIUS-SERVER eq <port>

You should see the resolved IPs in the ACL, built dynamically.

If not, make sure the ASA has DNS access:

dns domain-lookup OUTSIDE
dns server-group DefaultDNS
 name-server 8.8.8.8
 name-server 8.8.4.4

//Cristian
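The pieces of the answer above pulled together into one full-tunnel AnyConnect configuration, as an added example that is not from either poster. The pool (20.20.20.0/23), the RADIUS FQDN (radius01.xxx.com) and the ASA 9.2 target come from the question; the interface names INSIDE/OUTSIDE, the INSIDE-NET subnet, the pool, group-policy, tunnel-group and AAA group names, the RADIUS port numbers and the `<radius-key>` placeholder are assumptions. Whether `aaa-server ... host` accepts a hostname rather than an address depends on the ASA release; if yours refuses it, use the address the ASA resolved.

```cisco
! Added example (not from the thread). Assumed names: INSIDE/OUTSIDE,
! INSIDE-NET, ANYCONNECT-POOL, GP-ANYCONNECT, TG-ANYCONNECT, RADIUS-SRV.

! DNS so the ASA can resolve radius01.xxx.com and the FQDN network object
dns domain-lookup OUTSIDE
dns server-group DefaultDNS
 name-server 8.8.8.8
 name-server 8.8.4.4

! Client address pool from the question (an RFC 1918 range is preferable)
ip local pool ANYCONNECT-POOL 20.20.20.1-20.20.21.254 mask 255.255.254.0

object network VPN-POOL
 subnet 20.20.20.0 255.255.254.0
object network INSIDE-NET
 subnet 192.168.1.0 255.255.255.0
object network FQDN-RADIUS-SERVER
 fqdn radius01.xxx.com

! U-turn (hairpin): allow traffic to enter and leave OUTSIDE, then PAT the
! clients to the OUTSIDE address when they head back out to the Internet
same-security-traffic permit intra-interface
nat (OUTSIDE,OUTSIDE) after-auto source dynamic VPN-POOL interface

! Identity NAT so client-to-LAN traffic is not translated
nat (INSIDE,OUTSIDE) source static INSIDE-NET INSIDE-NET destination static VPN-POOL VPN-POOL no-proxy-arp route-lookup

! Only needed if an outbound ACL already exists on OUTSIDE
access-list OUTSIDE-OUT extended permit udp object VPN-POOL object FQDN-RADIUS-SERVER eq 1812

! RADIUS group; the ASA resolves the hostname through the DNS settings above
aaa-server RADIUS-SRV protocol radius
aaa-server RADIUS-SRV (INSIDE) host radius01.xxx.com
 key <radius-key>
 authentication-port 1812
 accounting-port 1813

! Full tunnel: no split tunneling
group-policy GP-ANYCONNECT internal
group-policy GP-ANYCONNECT attributes
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelall
 address-pools value ANYCONNECT-POOL
 dns-server value 8.8.8.8

tunnel-group TG-ANYCONNECT type remote-access
tunnel-group TG-ANYCONNECT general-attributes
 address-pool ANYCONNECT-POOL
 authentication-server-group RADIUS-SRV
 default-group-policy GP-ANYCONNECT
```

After applying it, `show nat detail` should list the (OUTSIDE,OUTSIDE) rule with a non-zero translate hit count once a connected client browses the Internet, and `show dns` should show the resolved address behind radius01.xxx.com; if the FQDN object never resolves, the DNS lines are the first thing to check.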

Hi, well, I want to do U-turn NAT with the public IP range 10.1.0.1 (just for example).
