Solved: NAT issues with AnyConnect and ASA 8.3

corey.mckinney · ‎11-23-2011

I have AnyConnect configured on an ASA 8.3. I'm connecting just fine and pulling an IP address from the pool that I created. The problem I'm having is I am not seeing any "receive" packets in the AnyConnect details. I know on the ASA 8.2 and earlier you would use an "Exempt" NAT to do identity translation. How is that done with 8.3 and later?

ajay chauhan · ‎11-23-2011

Within 8.3 and later the networks are defined as objects via the use of object groups. These object groups are then referenced within the NAT statement to define both the pre and post NAT (real / mapped) addresses.

object network LOCAL_LAN
subnet 192.168.0.0 255.255.0.0
object network REMOTE_LAN
subnet 172.16.0.0 255.255.0.0
nat (inside,outside) source static LOCAL_LAN LOCAL_LAN destination static REMOTE_LAN REMOTE_LAN

View solution in original post

ajay chauhan · ‎11-23-2011

Within 8.3 and later the networks are defined as objects via the use of object groups. These object groups are then referenced within the NAT statement to define both the pre and post NAT (real / mapped) addresses.

object network LOCAL_LAN
subnet 192.168.0.0 255.255.0.0
object network REMOTE_LAN
subnet 172.16.0.0 255.255.0.0
nat (inside,outside) source static LOCAL_LAN LOCAL_LAN destination static REMOTE_LAN REMOTE_LAN

corey.mckinney · ‎11-25-2011

Thank you!!! It's going to take a little time to get used to this new format.