06-03-2010 08:53 AM
Hi,
I have this client that needs to configure u-turn for the VPN client traffic to get out to the Internet on the ASA.
I have done this on previous versions, i.e. (assuming the VPN pool is 192.168.1.x):
nat (outside) 5 192.168.1.0 255.255.255.0 outside
global (outside) 5 interface
same-security-traffic permit intra-interface
My question is in 8.3
How is the NAT migration for the above configuration to work on 8.3?
Thank you,
Federico.
06-03-2010 07:12 PM
Don't worry, finally figured it out.
For the VPN pool: 192.168.115.x
object network obj-192.168.115.0
 nat (outside,outside) dynamic interface
Federico.
06-03-2010 07:50 PM
Hi,
On this same question...
I'm trying to block certain web sites for the remote VPN clients on the ASA using MPF.
Sample config:
regex block1 "facebook\.com"
class-map type inspect http match-any block-url-class
 match request header host regex block1
policy-map type inspect http block-url-policy
 parameters
 class block-url-class
  drop-connection log
policy-map global_policy
 class inspection_default
  inspect http block-url-policy
service-policy global_policy global
This works for internal users, but not for the remote VPN clients that terminate on the ASA and then are rerouted to the Internet by the ASA.
Does the application inspection not apply for u-turn traffic like this? Is there a way to make it work?
Thank you,
Federico.
06-03-2010 09:14 PM
I needed to apply the service-policy to the outside interface and not "global".
Federico.
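The fix from the last post, written out as an added example that is not part of the original thread: the same HTTP inspection policy bound to the outside interface instead of globally. The names outside-http-class and outside-policy and the TCP/80 match are assumptions made for illustration; the regex, class-map and inspect policy-map are the ones posted above.

```text
! HTTP inspection objects, unchanged from the sample config in the thread
regex block1 "facebook\.com"
!
class-map type inspect http match-any block-url-class
 match request header host regex block1
!
policy-map type inspect http block-url-policy
 parameters
 class block-url-class
  drop-connection log
!
! Assumed L3/L4 class: select cleartext HTTP for inspection
class-map outside-http-class
 match port tcp eq 80
!
! Assumed interface policy that calls the HTTP inspection policy
policy-map outside-policy
 class outside-http-class
  inspect http block-url-policy
!
! U-turn traffic enters and leaves on the same interface
same-security-traffic permit intra-interface
!
! Bind to the outside interface rather than "global"
service-policy outside-policy interface outside
!
! Verify that the class is matching and dropping:
!  show service-policy interface outside
```

The Host header match only sees cleartext HTTP, so requests to the same site over HTTPS are not matched by this policy.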