Hi Tom,
To accomplish this you will need a U-turn configuration, to define that when the packets from the VPN client ingress on the outside interface, they won't try to find the destination on the inside interface. Therefore we will need to define this:
1. This command will enable U-turning on the ASA:
ip local pool VPN_Client_IPs 192.168.11.0-192.168.11.0 mask 255.255.255.0
- ciscoasa(config)# same-security-traffic permit intra-interface
2. Then we will define a NAT 0 statement on the outside:
For example:
8.3 NAT:
object network obj-192.168.11.0
 subnet 192.168.11.0 255.255.255.0
nat (outside,outside) 1 source static obj-192.168.11.0 obj-192.168.11.0 destination static obj-192.168.11.0 obj-192.168.11.0 no-proxy-arp route-lookup
This is an explicit example on ASAs; you can follow this logic.
What do you have on your network as the VPN server?
What type of VPN software are you using?
Let me know if this works for you.
Please don't forget to rate,
Best Regards,
David Castro,
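
An added example, not part of the reply above: a small Python audit that reads an ASA configuration and reports whether the two pieces described in the reply are present, namely the intra-interface permit and an (outside,outside) NAT rule whose source object covers the VPN client pool. The sample configuration is constructed, the pool range in it is an assumption, and the function name `audit_hairpin` is hypothetical.

```python
import ipaddress
import re

# Constructed sample config (not from a real device). The commands mirror the
# post; the pool range .1-.254 is an assumption made for this example.
SAMPLE_CONFIG = """\
ip local pool VPN_Client_IPs 192.168.11.1-192.168.11.254 mask 255.255.255.0
same-security-traffic permit intra-interface
object network obj-192.168.11.0
 subnet 192.168.11.0 255.255.255.0
nat (outside,outside) 1 source static obj-192.168.11.0 obj-192.168.11.0 destination static obj-192.168.11.0 obj-192.168.11.0 no-proxy-arp route-lookup
"""


def audit_hairpin(config, iface="outside"):
    """Report whether U-turn traffic is enabled and which VPN pools it covers."""
    lines = [line.rstrip() for line in config.splitlines()]
    # Step 1: the global switch that lets traffic exit the interface it entered.
    intra = "same-security-traffic permit intra-interface" in (l.strip() for l in lines)
    objects, pools, nat_sources, current = {}, {}, set(), None
    nat_re = re.compile(rf"nat \({re.escape(iface)},{re.escape(iface)}\) .*?source static (\S+)")
    for line in lines:
        if m := re.match(r"object network (\S+)$", line):
            current = m.group(1)
            continue
        if current and (m := re.match(r"\s+subnet (\S+) (\S+)$", line)):
            objects[current] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
            continue
        if not line.startswith(" "):
            current = None  # left the object's sub-mode
        if m := re.match(r"ip local pool (\S+) ([\d.]+)-([\d.]+)", line):
            pools[m.group(1)] = (ipaddress.ip_address(m.group(2)), ipaddress.ip_address(m.group(3)))
        elif m := nat_re.match(line):
            nat_sources.add(m.group(1))
    # Step 2: a pool is covered when an (iface,iface) NAT rule's source object contains the whole range.
    nets = [objects[name] for name in nat_sources if name in objects]
    covered = {name: any(lo in n and hi in n for n in nets) for name, (lo, hi) in pools.items()}
    return {"intra_interface": intra, "pools_covered": covered}


if __name__ == "__main__":
    print(audit_hairpin(SAMPLE_CONFIG))
```

Because hairpinning lets VPN clients reach each other through the outside interface, the same report is useful in a configuration review to confirm the setting is present only where it is intended.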