08-08-2016 10:06 PM
ASA 9.2
Local VPN: 1.1.1.1
Remote network: 10.10.10.10; need to do U-Turn NAT for this public IP
Client: Cisco AnyConnect
RADIUS server: radius01.xxx.com
VPN address pool: 20.20.20.0/23
There is no split tunnel; we need to allow full tunnel.
The challenges here for me are the U-TURN NAT and the RADIUS server, for which they have given an FQDN instead of an IP.
08-09-2016 01:11 AM
Hello,
Is this what you are looking for? (Why are you not using a private RFC 1918 range for the pool?)
object network VPN-POOL
 subnet 20.20.20.0 255.255.254.0
nat (OUTSIDE,OUTSIDE) after-auto source dynamic VPN-POOL interface
same-security-traffic permit intra-interface
If you have an outgoing ACL on the OUTSIDE interface, you need to add this to the ACL:
object network FQDN-RADIUS-SERVER
 fqdn radius-server.com
access-list OUTSIDE-OUT extended permit <proto> object VPN-POOL object FQDN-RADIUS-SERVER eq <port>
You should see the resolved IPs built dynamically in the ACL.
If not, make sure the ASA has DNS access:
dns domain-lookup OUTSIDE
dns server-group DefaultDNS
 name-server 8.8.8.8
 name-server 8.8.4.4
//Cristian
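As an added example (not Cristian's code or anything posted in the thread), a small Python helper that turns a pool CIDR into the hairpin (U-turn) NAT lines shown in the reply and flags a pool that is not RFC 1918 space, the point the reply raises; the interface and object names are the reply's, while the RADIUS FQDN, protocol and port passed in are constructed placeholders.

```python
# Added example: build and sanity-check the ASA hairpin NAT snippet from the reply.
# Not from the thread; names follow the reply, sample values are constructed.
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def pool_netmask(cidr: str) -> str:
    """Dotted netmask the ASA 'subnet' keyword expects, e.g. /23 -> 255.255.254.0."""
    return str(ipaddress.ip_network(cidr, strict=True).netmask)


def pool_is_rfc1918(cidr: str) -> bool:
    """True if the whole pool lies inside one of the RFC 1918 private ranges."""
    net = ipaddress.ip_network(cidr, strict=True)
    return any(net.subnet_of(r) for r in RFC1918)


def hairpin_nat_config(pool_cidr, proto, port, radius_fqdn=None,
                       outside="OUTSIDE", pool_obj="VPN-POOL"):
    """Return (config_lines, warnings) for full-tunnel U-turn NAT on one interface.

    proto/port are the <proto>/<port> placeholders from the reply and must be
    supplied by the caller; radius_fqdn adds the FQDN object plus ACL entry.
    """
    net = ipaddress.ip_network(pool_cidr, strict=True)
    lines = [
        f"object network {pool_obj}",
        f" subnet {net.network_address} {net.netmask}",
        # Same interface in and out = hairpin; after-auto keeps it below manual NAT.
        f"nat ({outside},{outside}) after-auto source dynamic {pool_obj} interface",
        # Without this the ASA drops traffic entering and leaving the same interface.
        "same-security-traffic permit intra-interface",
    ]
    if radius_fqdn:
        lines += [
            "object network FQDN-RADIUS-SERVER",
            f" fqdn {radius_fqdn}",
            f"access-list {outside}-OUT extended permit {proto} object {pool_obj} "
            f"object FQDN-RADIUS-SERVER eq {port}",
            # FQDN objects only populate if the ASA itself can resolve names.
            f"dns domain-lookup {outside}",
        ]
    warnings = []
    if not pool_is_rfc1918(pool_cidr):
        warnings.append(f"pool {pool_cidr} is public address space; "
                        "use an RFC 1918 range unless you own it")
    return lines, warnings
```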
08-09-2016 02:13 AM
Hi, well, I want to do U-turn NAT with public IP range 10.1.0.1 (just for example).