10-20-2010 01:11 AM
Hi, on ASA vpn peer 8.2.(x), I need to translate the remote-access IP pool, with nat/global, only for sessions bound to a particular ASA vlan: how to ?
On nat sintax I can insert only the interfaces name but which interface for traffic coming from vpn remote client ?
thanks
rs
10-20-2010 01:32 AM
Assuming that your outside interface is terminating the vpn client, then you would configure the following:
access-list vpn-nat permit ip
nat (outside) 5 access-list vpn-nat outside
global (that-internal-vlan-name) 5
Hope that helps.
11-02-2010 03:29 AM
Hi, for that about security levels, do we need the same level ?
Usually the outside is at a lower level than the other zone, but here we palce nat on outside and globla on the other zone
thank you in advance
greatings
rs
11-03-2010 10:10 PM
Yes, because the outside interface has lower security level, we need to configure the "outside" keyword as specify earlier:
nat (outside) 5 access-list vpn-nat outside
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide