Access NAT Host by Clientless VPN

Answered Question
Aug 25th, 2010

Hi,

I have a 5520 ASA with a server in the DMZ that can be accessed from the internet and from the LAN using its public IP address (static NAT for the DMZ server). VPN users can also access this server using the public IP address, by sending the public subnet addresses to the remote users with a split tunneling ACL. The problem we have is that we need Clientless remote users to access this server against the public address too, and it does not work. It only works fine when Clientless remote users access the DMZ server's private address. We need all connections to this server to be made against the public address for the web server page code.

I cannot use split tunnel for Clientless remote users, and apparently the connection has the ASA as the source for this traffic. Does anybody know if it is possible, or have any idea what I can test?

Thank you,

Regards, 

Correct Answer by Jennifer Halim about 6 years 3 months ago

Unfortunately this is not possible because for Clientless VPN, the ASA is proxying the connection as it is not a full tunnel VPN. Hence, it can only proxy the connection on the real address, not on the NATed address.

Jennifer Halim Wed, 08/25/2010 - 04:21
