We are using AnyConnect Essentials on a 5540 ASA running version 8.2.1
We have set up several VPN groups who are assigned addresses from several different IP address pools; all of this is working fine.
Our issue is that we would like to NAT each group of IP addresses to ONE IP address for all inbound traffic - (long historical story) and it doesn't seem to work.
Here's the relevant config;
- the VPN terminates on the Outside interface.
-the IP address pool for this particular group is 10.1.1.0 /24
-no split-tunneling enabled
nat (Outside) 25 10.1.1.0 255.255.255.0
global (Inside) 25 172.22.100.1
When I connect to this VPN group I receive and address in the 10.1.1.0 pool, but the address translation to 172.22.100.1 does not happen.
There are no errors.
It's as if the VPN connections are just ignoring the NAT and GLOBAL commands.
Is it not possible to do this or am I missing part of the necessary config?