Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Easy VPN Client To NAT Address On ASA 5520


I have a situation where I have setup an ASA that connects to an untrusted network. This untrusted network is a L2 network that runs multiple VLANs. The L3 termination point is on the ASA - hence I have a trunk from their aggregation switch, and have configured multiple subinterfaces on the ASA - eg Gi0/0.1 for VLAN 1, Gi0/0.2 for VLAN2 etc.

This unsecured network needs access to resources on the inside interface (Gi0/3), so I have it setup so that they can establish a VPN session via Cisco Easy VPN from their PCs. However, the host they target for the VPN session is their default gateway, which is the ASA. This works ok. However, when a user moves between VLANs, they have to change the IP address that they target in the Cisco Easy VPN config to their new default gateway.

Is there a way I can use NAT to effectively have all hosts from all VLANs target a VPN session to 1 IP address?