So typically a remote access VPN connection is assigned an address from a pool. The ASA is told not to NAT traffic to/from the pool even though those connections are coming from outside. Most inside devices, such as your router, should be reachable assuming the ASA has a connected interface or route to them.
One thing that needs to be taken into account is the route from that device back to the address pool. If the ASA is not the default gateway (or in the default routing path) for those inside devices, then you may need to add a static route on them making it so.
So I think I screwed up then because I have a set range for my VPN, 192.168.3.0, then I have a different range for inside devices, 192.168.4.0. Shouldn't there be a NAT for the 192.168.3.0 network to talk to inside devices on the 192.168.4.0 network?
Having a separate range is fine, in fact it's generally the use case presented in most Cisco documents. Whatever the range, there's typically NAT exemption for the VPN pool. That's all pretty straightforward and covered with the basic config guides out there (and accommodated by the Wizard in ASDM if you use that).
Most of the examples assume the ASA is your default gateway off the network. That makes any outbound routing considerations moot as the ASA will see all outbound traffic and know how to handle the VPN pool (nat exempt, encapsulate in VPN, forward via outgoing default route to remote peer for decapsulation).
When the ASA is not the default gateway you need to inform the interior router(s) how to get to the pool. If it's just a single L3 switch, a simple static route to the ASA inside interface generally suffices. Anything bigger and we may need to redistribute the static route into whatever IGP you use (i.e. EIGRP or OSPF in most cases) or even run the IGP on the ASA so it can advertise the subnet used by the pool.
I set the default route on my router to the inside interface IP of the ASA. And I will connect the router to a switch for the servers. So I will make sure then the NAT exception is on the VPN pool. I believe I used the ASDM wizard to set it up with mostly defaults.
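For reference, here is what the two pieces discussed in this thread look like in configuration: a NAT exemption (identity NAT) on the ASA for the VPN pool, the ASA's route to the inside LAN sitting behind the router, the router's return route to the pool, and a packet-tracer check to confirm the exemption is hit. This is an added example, not configuration posted by anyone in the thread. It uses the 192.168.3.0/24 pool and 192.168.4.0/24 inside range from the question; the ASA inside address 10.0.0.1, the router address 10.0.0.2, the pool name RA-POOL, the object names and the interface names are assumptions and should be replaced with the real ones.

```cisco
! ---- ASA (8.3+ NAT syntax) ----
! Objects for the inside LAN and the remote-access pool (names are assumed)
object network INSIDE-LAN
 subnet 192.168.4.0 255.255.255.0
object network VPN-POOL
 subnet 192.168.3.0 255.255.255.0

! Address pool handed to VPN clients (range is assumed)
ip local pool RA-POOL 192.168.3.10-192.168.3.200 mask 255.255.255.0

! NAT exemption: traffic between the inside LAN and the pool keeps its real
! addresses in both directions. route-lookup makes the ASA use its routing
! table (not the NAT rule) to pick the egress interface, which avoids the
! classic "VPN clients can't reach inside" symptom.
nat (inside,outside) source static INSIDE-LAN INSIDE-LAN destination static VPN-POOL VPN-POOL no-proxy-arp route-lookup

! Only needed when 192.168.4.0/24 is behind the router rather than directly
! connected to the ASA inside interface (10.0.0.2 is the assumed router address)
route inside 192.168.4.0 255.255.255.0 10.0.0.2 1

! Verify: a packet from an inside host to a VPN client should show the
! NAT rule above as an "untranslated" (identity) hit and an ALLOW result
packet-tracer input inside icmp 192.168.4.10 8 0 192.168.3.10

! ---- Interior router (IOS) ----
! Return path for the pool. Either the default route the original poster
! already set (first line) or a specific static route (second line) works;
! 10.0.0.1 is the assumed ASA inside interface address.
ip route 0.0.0.0 0.0.0.0 10.0.0.1
ip route 192.168.3.0 255.255.255.0 10.0.0.1
```

If the inside network is larger than a single router or L3 switch, the same 192.168.3.0/24 static route needs to reach the other routers too, either by redistributing it into the IGP on the router that holds it or by running the IGP on the ASA as mentioned above. `show nat detail` on the ASA shows hit counts on the exemption rule, which is the quickest way to tell whether inside-to-pool traffic is actually matching it.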