05-11-2022 03:48 PM - edited 05-11-2022 04:27 PM
Good day, I really need some help with a project for my company's remote workers. We have an ASA split tunnel set up and have secure cloud servers which can only be accessed from our LAN. How can I get my VPN users (192.168.200.x) to access this secure cloud system, which is using a public IP?
ASA Version 8.2(3)
05-11-2022 07:58 PM
Ensure you include the secure cloud server IP address in the split tunnel ACL. Set up a NAT statement like the one below.
object network VPN_POOL
 subnet 192.168.200.0 255.255.255.0
 nat (outside,outside) dynamic interface
Then add - same-security-traffic permit intra-interface so that traffic can land and exit on the same interface.
05-12-2022 06:18 AM
Thanks, will this work for ASA Version 8.2(3)?
05-12-2022 06:33 AM
I have this in place already,
nat-control
global (outside) 1 interface
nat (inside) 0 access-list 415
nat (inside) 1 0.0.0.0 0.0.0.0
nat (dmz) 1 0.0.0.0 0.0.0.0
static (dmz,outside) x.x.x.x 192.168.x.x netmask 255.255.255.255
static (inside,dmz) 192.168.1x.0 192.168.x.0 netmask 255.255.255.192
static (inside,outside) 12.1.1.x 172.13.x.x netmask 255.255.255.255
Would this VPN pool NAT damage what I have in place already? Since I already have static
object-group network VPN_IP_Pool_
description Remote Access
network-object 192.168.135.0 255.255.255.0
nat (outside) 1 192.168.135.0 255.255.255.0
05-12-2022 06:18 PM
Yes, that NAT (nat (outside) 1 192.168.135.0 255.255.255.0) should do the job, and it will translate any outbound connections to the Internet. Ensure you configure the necessary NAT exemption for traffic between the VPN pool and internal networks.
05-11-2022 08:21 PM - edited 05-11-2022 08:24 PM
I agree with @UdupiKrishna.
Also, if those servers are public and there is no requirement for traffic to go over the tunnel, they should be reachable even without adding them to the split tunnel. In this case, traffic would go in plain text (outside of the tunnel) though.
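
Added example, not part of any reply in this thread and not Cisco tooling: a Python check that a saved pre-8.3 (8.2-style) running-config contains the three pieces the replies above call for, namely the server in the split-tunnel ACL, a nat (outside) rule covering the VPN pool with a matching global, and same-security-traffic permit intra-interface. The sample config, the ACL and group-policy names and the server address 203.0.113.10 are constructed placeholders, and only standard split-tunnel ACLs are parsed.

```python
import ipaddress
import re

# Constructed sample (pre-8.3 syntax). ACL/group names and 203.0.113.10 are placeholders.
SAMPLE = """\
access-list SPLIT standard permit 192.168.1.0 255.255.255.0
access-list SPLIT standard permit host 203.0.113.10
group-policy RA attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT
same-security-traffic permit intra-interface
global (outside) 1 interface
nat (outside) 1 192.168.200.0 255.255.255.0
"""

def _net(addr, mask="255.255.255.255"):
    # Build a network from an address and dotted netmask (host entry by default).
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def check_hairpin(config, pool, server):
    """Return the hairpin prerequisites that `config` lacks (empty list = all present)."""
    pool, server = ipaddress.ip_network(pool), ipaddress.ip_address(server)
    missing = []

    # 1. Traffic must be allowed to enter and leave the same interface.
    if not re.search(r"^same-security-traffic permit intra-interface\s*$", config, re.M):
        missing.append("intra-interface permit")

    # 2. A nat (outside) rule must cover the pool and share its ID with a global (outside).
    global_ids = set(re.findall(r"^global \(outside\) (\d+) ", config, re.M))
    nats = re.findall(r"^nat \(outside\) (\d+) ([\d.]+) ([\d.]+)", config, re.M)
    if not any(i in global_ids and pool.subnet_of(_net(a, m)) for i, a, m in nats):
        missing.append("nat (outside) for VPN pool")

    # 3. The server must be in an ACL that a group-policy uses as its split-tunnel list.
    used = set(re.findall(r"split-tunnel-network-list value (\S+)", config))
    aces = re.findall(
        r"^access-list (\S+) standard permit (?:host ([\d.]+)|([\d.]+) ([\d.]+))",
        config, re.M)
    if not any(n in used and server in (_net(h) if h else _net(a, m))
               for n, h, a, m in aces):
        missing.append("server in split-tunnel ACL")
    return missing

if __name__ == "__main__":
    print(check_hairpin(SAMPLE, "192.168.200.0/24", "203.0.113.10"))
```

Run it against the output of show running-config saved to a file, passing the pool actually assigned to the VPN clients; a NAT rule written for a different pool subnet is reported as missing.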