
ASA nat for vpn client to a single vlan

r.spiandorello
Level 1

Hi, on an ASA VPN peer running 8.2(x), I need to translate the remote-access IP pool, with nat/global, only for sessions bound to a particular ASA VLAN: how do I do that?

In the nat syntax I can insert only the interface name, but which interface do I use for traffic coming from the VPN remote client?

thanks

rs

3 Replies

Jennifer Halim
Cisco Employee

Assuming that your outside interface is terminating the vpn client, then you would configure the following:

access-list vpn-nat permit ip

nat (outside) 5 access-list vpn-nat outside

global (that-internal-vlan-name) 5

Hope that helps.

Hi, regarding security levels, do we need the same level?

Usually the outside is at a lower level than the other zone, but here we place nat on outside and global on the other zone.

Thank you in advance.

Greetings

rs

Yes, because the outside interface has a lower security level, we need to configure the "outside" keyword as specified earlier:

nat (outside) 5 access-list vpn-nat outside
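
The rule from the last reply can be checked over a saved configuration. The following is an added example, not part of the thread and not Cisco code: it flags `nat`/`global` pairs where the `nat` interface has a lower security level than the `global` interface but the `outside` keyword is missing. The sample config, its interface names and addresses, and the function names are constructed for illustration.

```python
import re

# Constructed sample config: interface names and addresses are made up.
SAMPLE_CONFIG = """\
interface Vlan2
 nameif outside
 security-level 0
interface Vlan50
 nameif vlan50
 security-level 100
access-list vpn-nat extended permit ip 10.99.0.0 255.255.255.0 192.168.50.0 255.255.255.0
nat (outside) 5 access-list vpn-nat
global (vlan50) 5 interface
nat (outside) 6 access-list vpn-nat outside
global (vlan50) 6 interface
"""

NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) (.+)$")
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+)\b")

def parse_security_levels(config):
    """Map each nameif to the security-level set in the same interface block."""
    levels, name = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            name = None
        elif line.startswith("nameif "):
            name = line.split()[1]
        elif line.startswith("security-level ") and name:
            levels[name] = int(line.split()[1])
    return levels

def find_missing_outside_keyword(config):
    """Return (nat_ifc, nat_id, global_ifc) where 'outside' is required but absent."""
    levels = parse_security_levels(config)
    nats, globals_ = [], []
    for line in map(str.strip, config.splitlines()):
        if m := NAT_RE.match(line):
            # First two tokens are the operand (access-list NAME or IP MASK).
            nats.append((m.group(1), m.group(2), m.group(3).split()[2:]))
        elif m := GLOBAL_RE.match(line):
            globals_.append((m.group(1), m.group(2)))
    return [
        (nat_ifc, nat_id, g_ifc)
        for nat_ifc, nat_id, options in nats
        for g_ifc, g_id in globals_
        if g_id == nat_id and "outside" not in options
        and levels.get(nat_ifc, 0) < levels.get(g_ifc, 0)
    ]
```

On the constructed sample, rule 5 is reported and rule 6, which carries the `outside` keyword, is not.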