I am trying to set up a NAT rule to enable connections to the VPN server from the outside on my ASA 5505. I have already configured a LAN-to-LAN VPN which is working fine; however, after adding the following static NAT rule I lost connectivity with the LAN-to-LAN VPN.
static (inside,outside) interface 192.168.1.211 netmask 255.255.255.255 tcp 0 0 udp 0
After applying, I get this error:
WARNING: static redirecting all traffics at outside interface;
WARNING: all services terminating at outside interface are disabled.
The scenario is:
2 interfaces (inside, outside)
VPN machine that will accept connections: 192.168.1.211
I am trying to forward all the VPN traffic from outside to the VPN machine
My configuration at this moment is as follows:
access-list 101 extended permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list outside_access_in extended permit gre any 83.244.x.x 255.255.255.224
access-list outside_access_in extended permit gre any host 192.168.1.211
access-list outside_access_in extended permit tcp any 83.244.x.x 255.255.255.224 eq pptp
VPN runs on specific ports/protocols, so you would only need to redirect specific ports, as you can't configure static one-to-one if you are using the ASA outside interface IP address for NATing.
Based on the configuration, I assume that you would like to redirect your PPTP traffic? If this is correct, here is what you would need to configure:
static (inside,outside) tcp interface 1723 192.168.1.211 1723 netmask 255.255.255.255
and you would also need to enable PPTP inspection.
Alternatively, if you have a spare public IP address that you would like to use, then you can configure static 1-to-1 NAT:
static (inside,outside) 83.244.x.x 192.168.1.211
Hope that helps.
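The port redirect and PPTP inspection from the answer above, put together as one change; this is an added example, not part of the original posts. It assumes the pre-8.3 NAT syntax used on this page, that the default `global_policy` policy map and `inspection_default` class are still in place, and that `outside_access_in` is applied inbound on the outside interface. The catch-all static goes first because, as the warning states, it disables every service terminating on the outside interface.

```cisco
! Added example. Assumptions: ASA software older than 8.3, default
! global_policy / inspection_default still present, ACL outside_access_in
! bound inbound on the outside interface.

! 1. Remove the catch-all static that redirects every port on the
!    outside interface to 192.168.1.211 (the rule that triggered the
!    "all services terminating at outside interface are disabled" warning).
no static (inside,outside) interface 192.168.1.211 netmask 255.255.255.255 tcp 0 0 udp 0

! 2. Redirect only the PPTP control channel (TCP 1723) to the VPN machine.
static (inside,outside) tcp interface 1723 192.168.1.211 1723 netmask 255.255.255.255

! 3. Permit only that port inbound to the outside interface address.
access-list outside_access_in extended permit tcp any interface outside eq pptp

! 4. Enable PPTP inspection so the ASA tracks the control session and
!    opens the matching GRE data channel itself, instead of relying on
!    a broad "permit gre any" entry.
policy-map global_policy
 class inspection_default
  inspect pptp

! 5. Check the result: exactly one static for port 1723, and pptp listed
!    under the inspection policy.
show running-config static
show service-policy
```

With only TCP 1723 redirected, traffic addressed to the ASA itself on other ports and protocols is no longer translated to the inside host.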