I have an ASA 5540, running 8.0 software.
Interface "IN" (security level 100) has subnet 192.168.1.0/27 directly connected
Interface "OUT" (security level 100) has a route to 192.168.0.0/16.
Interface VPN (Security level 50) is for VPN clients to connect into. VPN Clients are issued addresses from a pool of 10.0.1.0/24
I want the ASA to NAT all requests from any VPN client going out *either* IN or OUT interfaces.
The ASA appears to be NATing traffic going out the IN interface, but not the OUT interface. Syslog shows the message:
No translation group found for tcp src VPN:10.0.1.x/y dst OUT:192.168.2.1/23
My NAT commands are:
global (IN) 1 interface
global (OUT) 1 interface
nat (VPN) 0 access-list VPN_nat0_outbound
nat (VPN) 0 access-list VPN_nat0_outbound_1 outside
nat (VPN) 1 10.0.1.0 255.255.255.0 outside
nat (VPN) 0 access-list IN_nat0_outbound
What am I doing wrong ?