VPN NAT

Joshua Maurer
Level 1

I want to make sure I am doing this correctly. What I would like to know is, should I break down each server in SVR_GROUP-120 for the NAT, or will it work with just this one line I have? I need the user to connect to each server, and I need to connect to each of their servers with the IP of the machine that the user is connected to.

object-group network SVR_GROUP-120
network-object host 10.120.13.64
network-object host 10.120.13.65
network-object host 10.120.13.96
network-object host 10.120.13.222
exit
!

object-group network 2052_VPN
group-object SVR_GROUP-120
exit
!

object-group network 2052_Company_5
description | 2052 VPN |
network-object host 10.11.222.11
network-object host 10.11.222.12
network-object 10.1.11.0 255.255.255.0
network-object 192.168.0.0 255.255.255.0
exit


access-list VPN_5051 extended permit ip object-group 2052_VPN object-group 2052_Company_5



!    NO NAT OR DOUBLE NAT ACCESS

nat (INSIDE,OUTSIDE) source static 2052_VPN 2052_VPN destination static 2052_Company_5 2052_Company_5


Philip D'Ath
VIP Alumni

That should work fine.

Personally, I normally just create full subnet to full subnet VPNs and NAT rules, and then use access-control lists to say what they can and cannot access.

Then if you need to add an extra server later on, you don't have to rebuild the VPN on both sides - you just change your access list.
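
An added example, not part of the thread: a small Python check that expands the nested object-groups from the question and reports whether a given inside/remote address pair falls under the groups used by both the `VPN_5051` access-list and the identity NAT line. The function names and the test addresses are illustrative assumptions; the group definitions are copied from the question with the `exit` and `!` lines dropped.

```python
import ipaddress

# Object-group definitions copied from the question (exit / ! lines omitted).
CONFIG = """\
object-group network SVR_GROUP-120
network-object host 10.120.13.64
network-object host 10.120.13.65
network-object host 10.120.13.96
network-object host 10.120.13.222
object-group network 2052_VPN
group-object SVR_GROUP-120
object-group network 2052_Company_5
description | 2052 VPN |
network-object host 10.11.222.11
network-object host 10.11.222.12
network-object 10.1.11.0 255.255.255.0
network-object 192.168.0.0 255.255.255.0
"""

def parse_groups(text):
    """Return {group name: [ip_network or nested group name, ...]}."""
    groups, current = {}, None
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] == ["object-group", "network"]:
            current = groups.setdefault(tok[2], [])
        elif current is not None and tok[:1] == ["network-object"]:
            spec = f"{tok[2]}/32" if tok[1] == "host" else f"{tok[1]}/{tok[2]}"
            current.append(ipaddress.ip_network(spec))
        elif current is not None and tok[:1] == ["group-object"]:
            current.append(tok[1])  # nested group, resolved in expand()
    return groups

def expand(groups, name, seen=()):
    """Flatten a group, following group-object references recursively."""
    if name in seen:
        raise ValueError(f"group-object loop at {name}")
    nets = []
    for member in groups[name]:
        if isinstance(member, str):
            nets += expand(groups, member, seen + (name,))
        else:
            nets.append(member)
    return nets

def covered(groups, src_group, dst_group, src_ip, dst_ip):
    """True if src_ip is in src_group and dst_ip is in dst_group."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return (any(s in n for n in expand(groups, src_group))
            and any(d in n for n in expand(groups, dst_group)))
```

Calling `covered(parse_groups(CONFIG), "2052_VPN", "2052_Company_5", src, dst)` returns true for any of the four listed servers and false for a server that has not yet been added to `SVR_GROUP-120`, which is the case the reply's subnet-wide approach avoids.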