NAT

Hi,

Solution: remote users connect to the ASA outside interface through AnyConnect. There is no routing or NAT to the inside interface.
Problem 1: the authentication test is successful and the password is checked by the RADIUS server, but the user does not appear on the accounting console.
Problem 2: the NAT rule (outside,outside) doesn't work. Does anybody have a sample configuration for the same solution as mine?

Source address : VPN Users
Source interface: outside
Destination add : any
Destination int : outside

Thank You
Best Regards



Jouni Forss
VIP Alumni

Hi,

I am not sure what the problem is with your first point and I am not sure what you mean.

With regards to the second problem, do you mean that you are not able to perform NAT from "outside" to "outside" so that the VPN users can connect to the Internet?

A very simple Dynamic PAT configuration for VPN users could be done in the following way:

object network VPN-PAT
 subnet
 nat (outside,outside) dynamic interface

Notice that you will also need to add this command if you don't have it yet. It will enable traffic to enter through the "outside" interface and leave through the "outside" interface, which would need to happen when VPN users access the Internet through the ASA.

same-security-traffic permit intra-interface

Hope this helps

- Jouni


Hi,

Jouni, you are absolutely correct

On the other hand, for the first point, make sure you add your RADIUS server as the account server under the tunnel-group:

tunnel-group your-group general-attributes
 accounting-server-group your-RADIUS-server-group

HTH.

- Javier
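
The two accepted answers name three settings: the (outside,outside) dynamic PAT rule, same-security-traffic permit intra-interface, and an accounting-server-group under the tunnel-group. As an added example (not part of the thread and not Cisco tooling), this Python script checks a saved running-config for all three; the sample config, its subnet, the "other-group" tunnel-group and the function names are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the thread). The subnet and the
# second tunnel-group are made-up values; other names follow the posts above.
SAMPLE_CONFIG = """\
same-security-traffic permit intra-interface
object network VPN-PAT
 subnet 10.10.10.0 255.255.255.0
tunnel-group your-group general-attributes
 accounting-server-group your-RADIUS-server-group
tunnel-group other-group general-attributes
 authentication-server-group your-RADIUS-server-group
object network VPN-PAT
 nat (outside,outside) dynamic interface
"""

def blocks(config):
    """Map each top-level line to its indented sub-commands.
    A parent that appears twice (object definition, then its NAT) is merged."""
    out, parent = {}, None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if line[0].isspace() and parent is not None:
            out[parent].append(line.strip())
        else:
            parent = line.strip()
            out.setdefault(parent, [])
    return out

def audit(config, iface="outside"):
    """Return findings; an empty list means every setting from the thread is present."""
    cfg, findings = blocks(config), []
    if "same-security-traffic permit intra-interface" not in cfg:
        findings.append("missing: same-security-traffic permit intra-interface")
    nat = f"nat ({iface},{iface}) dynamic interface"
    pat = [p for p, kids in cfg.items() if p.startswith("object network ") and nat in kids]
    if not pat:
        findings.append(f"missing: {nat}")
    for p in pat:
        if not any(re.fullmatch(r"subnet \S+ \S+", k) for k in cfg[p]):
            findings.append(f"{p}: PAT object has no subnet")
    for p, kids in cfg.items():
        m = re.fullmatch(r"tunnel-group (\S+) general-attributes", p)
        if m and not any(k.startswith("accounting-server-group ") for k in kids):
            findings.append(f"tunnel-group {m.group(1)}: no accounting-server-group")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG) or ["all checks passed"]:
        print(finding)
```

On the constructed sample it reports only the tunnel-group that authenticates against RADIUS but sends no accounting records, which is the symptom described in Problem 1.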


Hi,

Thank you,
It's working fine
Appreciate


You are welcome
