Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA nat for vpn client to a single vlan

Hi, on ASA vpn peer 8.2.(x), I need to translate the remote-access IP pool, with nat/global, only for sessions bound to a particular ASA vlan: how to ?

On nat sintax I can insert only the interfaces name but which interface for traffic coming from vpn remote client ?

thanks

rs

3 REPLIES
Cisco Employee

Re: ASA nat for vpn client to a single vlan

Assuming that your outside interface is terminating the vpn client, then you would configure the following:

access-list vpn-nat permit ip

nat (outside) 5 access-list vpn-nat outside

global (that-internal-vlan-name) 5

Hope that helps.

New Member

Re: ASA nat for vpn client to a single vlan

Hi, for that about security levels, do we need the same level ?

Usually the outside is at a lower level than the other zone, but here we palce nat on outside and globla on the other zone

thank you in advance

greatings

rs

Cisco Employee

Re: ASA nat for vpn client to a single vlan

Yes, because the outside interface has lower security level, we need to configure the "outside" keyword as specify earlier:

nat (outside) 5 access-list vpn-nat outside

251
Views
5
Helpful
3
Replies
CreatePlease login to create content