New Member

How to reach certain Public IP address from Client VPN

Hi there!
On a Cisco ASA 5510, there are some profiles for VPN clients that reach some inside servers.
I want them to reach a public IP address of a third party, on one dedicated port.


For example:
Public IP address of 3rd party: 3.3.3.3

Port on this IP: 80

My ASA Public IP address is: 2.2.2.2

The problem is that the 3rd party doesn't allow connections from anything other than my public IP.

So a VPN client that has, for example, the IP address 4.4.4.4 could not reach port 80 on IP 3.3.3.3; it must connect to the VPN and then reach port 80 on IP 3.3.3.3 with a NAT, let's say on the ASA IP 2.2.2.2.
Is this possible?
Regards!

New Member

I have to add this extra information:
The VPN clients come in on a 3rd interface named VPN, with public IP 1.1.1.1.
So interfaces are like this:
INSIDE: 192.168.1.1
OUTSIDE: 2.2.2.2

VPN: 1.1.1.1
Regards!

Super Bronze

Hi,

Easiest way to deal with this would be to see some current configurations and the VPN "tunnel-group" name that needs to reach this 3rd party site.

If I understood correctly you would need to have the user connect to this 3rd party site through the VPN Client connection so that the connection would be visible to the 3rd party site with the ASA public IP address.

Things that affect how this is achieved would be

  • Are you using Full Tunnel or Split Tunnel VPN
  • What your software level is (NAT configuration type is different)

Essentially you need to make sure that connections towards the 3rd party site IP address are tunneled to the VPN connection and you will also have to have a NAT configuration between VPN and OUTSIDE interface to NAT the VPN users to the correct IP address. There might be other settings needed also depending on your ASA configurations.

- Jouni

New Member

On the clients, I'm using Split Tunnel.

Super Bronze

Hi,

Well you will need to add the destination IP address to the Split Tunnel ACL used. I would typically use a Standard type ACL and just add a statement for this public destination IP address.

After this you would essentially have to configure the correct NAT between VPN and OUTSIDE interface and make sure no other rule is blocking the traffic.

Again, how the above is accomplished depends on your software and also partly how your ASA is currently configured.

- Jouni
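
One way the two steps described in the replies above (split-tunnel entry, then NAT between the VPN and OUTSIDE interfaces) could look, as an added example that is not from any participant in the thread. It assumes ASA software 8.3 or later (object/twice NAT syntax). The names SPLIT-TUNNEL, VPN-USERS, VPN-POOL, THIRD-PARTY and HTTP-80 are hypothetical, and 10.10.10.0/24 is a constructed client address pool.

```cisco
! Added example, ASA 8.3+ syntax. Hypothetical names: SPLIT-TUNNEL, VPN-USERS,
! VPN-POOL, THIRD-PARTY, HTTP-80. 10.10.10.0/24 is a constructed client pool.

! 1. Send traffic for the third-party host into the tunnel (standard ACL).
!    Existing entries for the inside servers stay in the same ACL.
access-list SPLIT-TUNNEL standard permit host 3.3.3.3

group-policy VPN-USERS attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL

! 2. Objects for the client pool, the third-party host and the one allowed port.
object network VPN-POOL
 subnet 10.10.10.0 255.255.255.0
object network THIRD-PARTY
 host 3.3.3.3
object service HTTP-80
 service tcp destination eq 80

! 3. PAT the client pool to the OUTSIDE interface address (2.2.2.2), but only
!    for connections to 3.3.3.3 on TCP/80. Anything else from the pool does
!    not match this rule and is not translated to the ASA's public address.
nat (VPN,OUTSIDE) source dynamic VPN-POOL interface destination static THIRD-PARTY THIRD-PARTY service HTTP-80 HTTP-80

! 4. Needed only when the VPN and OUTSIDE interfaces share a security level:
! same-security-traffic permit inter-interface

! Verification once a client is connected and browsing to 3.3.3.3:
!   show running-config nat
!   show xlate
!   show conn address 3.3.3.3
```

Scoping the NAT rule to the single destination and port keeps the ASA's allow-listed public address from being usable for other traffic the split-tunnel ACL might later admit.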
