05-16-2024 04:43 PM - edited 05-16-2024 04:44 PM
Hello Everyone,
I just fixed a problem that has been quite the issue for weeks; I think I understand why, but if someone could explain it a bit more for me if I'm wrong, I would greatly appreciate it.
Basically, we have an S2S Tunnel to Azure from an ASA FP1000 Series (in ASA Mode)... Tunnel was up but no internal traffic to any of the Azure VMs (Servers) would pass. I finally fixed it by adding a NAT Rule (inside, outside -> Azure Subnet).
My question is, if NAT in this case, needs to be Exempt for the S2S, why did I need to create that NAT Rule?
I understand that for 8.2 and below I would have to do a NO-NAT, but I'm not so sure for this issue.
I THINK it's because after the tunnel is established, I still needed a NAT for the Inside Network Subnet to translate to the Inside Azure Network Subnet... is that accurate and true?
Thank You Very Much for any insight....
PJ
05-17-2024 12:05 AM - edited 05-17-2024 12:24 AM
It all depends on what the interesting traffic for the VPN was - the source subnet on the FP/ASA side. It's possible it was the NATed subnet...
The right way to configure it is to use NO NAT for VPN traffic so it is possible to have bi-directional traffic. Please take a look at this sample.
https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-3rdparty-device-config-cisco-asa
Technoxi
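As an added illustration of the "NO NAT" point above (this is not configuration from the thread, from the poster's ASA, or from the Microsoft sample), the snippet below shows what a NAT exemption looks like on ASA 8.3 and later. The subnets, object names and ACL name are constructed placeholders; the Azure VNet range and the inside subnet would be replaced with the real ones. On 8.3+, "NAT exemption" is itself a NAT rule (an identity or "twice" NAT), which is why adding an inside/outside -> Azure-subnet rule fixed the tunnel: without it, a general interface PAT rewrites VPN-bound traffic to the outside address, it no longer matches the crypto ACL, and Azure would have no return path to the real subnet anyway.

```cisco
! Added example (not from this thread). Placeholder values:
!   LAN-NET   192.168.10.0/24  inside network behind the ASA (constructed)
!   AZURE-NET 10.1.0.0/16      Azure VNet address space (constructed)
object network LAN-NET
 subnet 192.168.10.0 255.255.255.0
object network AZURE-NET
 subnet 10.1.0.0 255.255.0.0

! Identity (twice) NAT = the 8.3+ form of "NAT exemption": inside hosts keep
! their real addresses when the destination is Azure, so the crypto ACL below
! matches them and Azure can route replies back to the real subnet.
! Manual NAT (section 1) is evaluated before object NAT (section 2), so this
! rule takes precedence over the interface PAT that follows. If the Internet
! PAT were also written as a manual rule, this line would have to come first.
nat (inside,outside) source static LAN-NET LAN-NET destination static AZURE-NET AZURE-NET no-proxy-arp route-lookup

! General Internet PAT (object NAT, section 2). On its own, this would
! translate VPN-bound traffic to the outside interface address and it would
! never be encrypted.
object network LAN-NET
 nat (inside,outside) dynamic interface

! Interesting traffic for a policy-based S2S tunnel must reference the same
! real (untranslated) addresses as the identity NAT rule.
access-list AZURE-VPN extended permit ip object LAN-NET object AZURE-NET
```

To confirm which rule a flow actually hits, `show nat detail` lists the rules in evaluation order with hit counts, and `packet-tracer input inside tcp 192.168.10.50 1025 10.1.0.10 445` walks a sample packet through NAT and the VPN phases and reports the matched rule and whether it was encrypted. On 8.2 and earlier the equivalent was `nat (inside) 0 access-list NONAT` with an ACL naming the same source and destination subnets, which is the "NO-NAT" the original question refers to.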
05-17-2024 12:13 AM
Do you run S2S route-based VPN?
MHM