Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Access NAT Host by Clientless VPN

Hi,

I have a 5520 ASA with a server in DMZ that can be accessed from internet and from LAN using public IP Address (static NAT for DMZ server) . Also VPN Users can access to this server using public IP address sending the public subnet addresses to the remote users with split tunneling ACL. The problem we have is that we need Clientless Remote users access to this server attacking again public address too and it does not work. It only work fine when Clientless remote users access to DMZ server private address. We need all connection to this server be done again public address for web server page code.

I cannot use split tunnel for Clientless remote users and apparently connection has the ASA as source for this traffic. Somebody know if it is possible or some idea what can I test?

Thank you,

Regards, 

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Access NAT Host by Clientless VPN

Unfortunately this is not possible because for Clientless VPN, the ASA is proxying the connection as it is not a full tunnel VPN. Hence, it can only proxy the connection on the real address, not on the NATed address.

1 REPLY
Cisco Employee

Re: Access NAT Host by Clientless VPN

Unfortunately this is not possible because for Clientless VPN, the ASA is proxying the connection as it is not a full tunnel VPN. Hence, it can only proxy the connection on the real address, not on the NATed address.

172
Views
0
Helpful
1
Replies