I am prepping new ASA 5525-X's for a client that has multiple S2S VPN's. On some of the VPN connections, I need to do a policy nat to translate some of their subnets to a single IP address before it goes over the S2S VPN. However, when I try to use a subnet, I keep getting the following error:
Subnet cannot be used as mapped source in dynamic nat policy.
This works fine on their old ASA's which are running 8.2 code. I figured out I can use a network range, but cannot go over 65535 (or whatever it is) addresses in that range. This is very annoying when they have multiple networks they want to allow over the S2S VPN. Is there anyway around this or am I stuck creating a network range for each subnet?
Yes, that is what I am trying to do. I put that command in and it took it. However, I am somewhat confused on how the nat is written (still trying to wrap my head around post 8.3 natting). To me it seems backwards when I look at it in the ASDM since under NAT Rules -> Action: Translated Packet, it has the source has the address I need the subnet natted to as the destination and the subnet as the destination. This seems backwards.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...