I have the following scenario: due to a 3rd-party issue, they have no route to my Remote Access VPN IP pool, and their default gateway doesn't hit my ASA.
I want to enable NAT so that my VPN IP pool is hidden behind the inside interface of the firewall (as they can route to that). Below is a snippet of my config, but it doesn't work. Any ideas?
(The Remote Access VPN works fine to the rest of the network, details have been changed to protect the innocent ;))
ip addr 126.96.36.199 255.255.255.0
sec level 0
ip addr 192.168.1.1 255.255.255.0
sec level 100
ip local pool VPN_POOL 192.168.10.1-192.168.19.100 mask 255.255.255.0
access-list NAT_VPN permit ip 192.168.10.0 255.255.255.0 10.10.10.0 255.255.255.0
global inside 10 interface
nat (outside) 10 access-list NAT_VPN
I think the issue is that I'm implementing "NAT & Global" from a low sec-level to a high, but you can't do this command with "statics" 'cause it complains that the subnet mask in the ACL of the source isn't a host.
Thanks in Advance,
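
For reference, an added example (not part of the original post) of the pre-8.3 ASA command forms for dynamic policy NAT of traffic arriving on a lower-security interface: `global` takes the interface name in parentheses, and `nat` takes a trailing `outside` keyword when its interface has a lower security level than the `global` interface. The addresses, ACL name and NAT ID are the ones from the snippet above; ASA 8.2 or earlier is an assumption based on the `nat`/`global` syntax used.

```cisco
! Added example, assuming ASA 8.2 or earlier (nat/global syntax).
! Match VPN pool traffic headed to the third-party network
! (policy NAT ACLs may contain permit entries only).
access-list NAT_VPN extended permit ip 192.168.10.0 255.255.255.0 10.10.10.0 255.255.255.0
!
! Mapped address: PAT to the IP address of the inside interface.
global (inside) 10 interface
!
! Real interface is outside (security level 0), mapped interface is
! inside (security level 100). Because the real interface is the
! lower-security one, the trailing "outside" keyword is needed.
nat (outside) 10 access-list NAT_VPN outside
```

Once a VPN client has sent traffic to 10.10.10.0/24, `show xlate` should list a PAT entry that maps the pool address to the inside interface address.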