I have a situation where I have set up an ASA that connects to an untrusted network. This untrusted network is an L2 network that runs multiple VLANs. The L3 termination point is on the ASA, hence I have a trunk from their aggregation switch and have configured multiple subinterfaces on the ASA, e.g. Gi0/0.1 for VLAN 1, Gi0/0.2 for VLAN 2, etc.
This unsecured network needs access to resources on the inside interface (Gi0/3), so I have it set up so that they can establish a VPN session via Cisco Easy VPN from their PCs. However, the host they target for the VPN session is their default gateway, which is the ASA. This works OK. However, when a user moves between VLANs, they have to change the IP address that they target in the Cisco Easy VPN config to their new default gateway.
Is there a way I can use NAT to effectively have all hosts from all VLANs target a VPN session to 1 IP address?