bmarchik1980
Beginner

Remote Access VPN, no split tunneling, internet access. NAT translation problem

Hi everyone, I'm new to the forum.  I have a Cisco ASA 5505 with a confusing (to me) NAT issue.


Single external IP address (outside interface) with multiple static object NAT translations to allow port forwarding to various internal devices.  The configuration has been working without issues for the last couple years.


I recently configured a remote access VPN without split tunneling and access to the internet and noticed yesterday that my port forwarding had stopped working.


I reviewed the new NAT rules for the VPN and found the culprit. 


I have been reviewing the rules over and over and from everything I can think of, and interpret, I'm not sure how this rule is affecting the port forwarding on the device or how to correct it.


Here are the NAT rules I have in place: (The "inactive" rule is the culprit.  As soon as I enable this rule, the port forwarding hits a wall)


nat (inside,outside) source static any any destination static VPN_Subnet VPN_Subnet no-proxy-arp route-lookup
nat (outside,outside) source static VPN_Subnet VPN_Subnet destination static VPN_Subnet VPN_Subnet no-proxy-arp route-lookup
nat (outside,outside) source dynamic VPN_Subnet interface inactive
!
object network obj_any
 nat (inside,outside) dynamic interface
object network XXX_HTTP
 nat (inside,outside) static interface service tcp www www
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1

Any help would be appreciated.

1 ACCEPTED SOLUTION

Muhammed Safwan
Beginner

Try changing the NAT rule to:

nat (outside,outside) after-auto source dynamic VPN_Subnet interface

With Regards,

Safwan

That did it

Thanks!
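
An added example, not part of the original thread: on ASA 8.3 and later, NAT is evaluated in three sections (manual rules first, then object NAT, then manual rules marked after-auto), so the accepted change moves the VPN hairpin PAT from section 1 to section 3, behind the object-NAT port forwards. The Python sketch below sorts a pasted configuration into those sections and flags the pattern reported here; the function names and the flagging heuristic are assumptions made for illustration.

```python
import re

# Constructed sample: the NAT lines from the post with the "inactive" keyword
# removed, i.e. the state in which port forwarding stopped working.
SAMPLE = """\
nat (inside,outside) source static any any destination static VPN_Subnet VPN_Subnet no-proxy-arp route-lookup
nat (outside,outside) source static VPN_Subnet VPN_Subnet destination static VPN_Subnet VPN_Subnet no-proxy-arp route-lookup
nat (outside,outside) source dynamic VPN_Subnet interface
!
object network obj_any
nat (inside,outside) dynamic interface
object network XXX_HTTP
nat (inside,outside) static interface service tcp www www
"""

NAT_RE = re.compile(r"^nat \(([^,]+),([^)]+)\)\s+(.+)$")

def parse_nat(config):
    """Tag each nat line with its evaluation section (1 manual, 2 object, 3 after-auto)."""
    rules, obj = [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("object network "):
            obj = line.split()[2]
        m = NAT_RE.match(line)
        if not m:
            continue
        tok = m.group(3).split()
        # Classify by keyword, not indentation, so flattened pastes still parse.
        section = 3 if tok[0] == "after-auto" else 1 if "source" in tok else 2
        rules.append({"text": line, "mapped": m.group(2), "tok": tok, "section": section,
                      "obj": obj if section == 2 else None, "active": "inactive" not in tok})
    return sorted(rules, key=lambda r: r["section"])  # stable: keeps order within a section

def early_interface_pat(rules):
    """Heuristic assumed from this thread: an active section-1 dynamic PAT to `interface`
    sharing its mapped interface with an object-NAT `static interface service` forward."""
    forwards = [r for r in rules if r["section"] == 2 and r["active"]
                and r["tok"][:2] == ["static", "interface"] and "service" in r["tok"]]
    hits = []
    for r in rules:
        t = r["tok"]
        i = t.index("source") if "source" in t else len(t)
        if r["section"] == 1 and r["active"] and "interface" in t and t[i + 1:i + 2] == ["dynamic"]:
            hits += [(r["text"], f["obj"]) for f in forwards if f["mapped"] == r["mapped"]]
    return hits

if __name__ == "__main__":
    for manual, obj in early_interface_pat(parse_nat(SAMPLE)):
        print(f"section-1 rule '{manual}' is evaluated before port forward {obj}")
```

On the device itself, `show nat` lists the rules grouped by section, which confirms where a rule actually landed after the change.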
