Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NAT

Hi,

Solution : remote users connect to the ASA outside interface through AnyConnect.there is no any routing or nat to inside interface.
Problem 1 : authentication test is successful and password is checking by radius server, but user is not appears on the accounting consol.
Problem 2 : NAT rule ( outside,outside) doesn't work, does any body have a sample configuration same as my solution ?

Source address : VPN Users
Source interface: outside
Destination add : any
Destination int : outside

Thank You
Best Regards


Sent from Cisco Technical Support iPad App

  • VPN
2 ACCEPTED SOLUTIONS

Accepted Solutions
Super Bronze

NAT

Hi,

I am not sure what the problem is with your first point and I am not sure what you mean.

With regards to the second problem, do you mean that you are not able to perform NAT from "outside" to "outside" so that the VPN users can connect to the Internet?

A very simple Dynamic PAT configurations for VPN users could be done in the following way

object network VPN-PAT

subnet

nat (outside,outside) dynamic interface

Notice that you will also need to add this command if you dont have it yet. It will enable traffic to enter through the "outside" interface and leave through the "outside" interface which would need to happen when VPN users access Internet through the ASA.

same-security-traffic permit intra-interface

Hope this helps

- Jouni

NAT

Hi,

Jouni, you are absolutely correct

On the other hand, for the first point, make sure you add your RADIUS server as the account server under the tunnel-group:

tunnel-group your-group general-attributes

  accounting-server-group your-RADIUS-server-group

HTH.

- Javier

4 REPLIES
Super Bronze

NAT

Hi,

I am not sure what the problem is with your first point and I am not sure what you mean.

With regards to the second problem, do you mean that you are not able to perform NAT from "outside" to "outside" so that the VPN users can connect to the Internet?

A very simple Dynamic PAT configurations for VPN users could be done in the following way

object network VPN-PAT

subnet

nat (outside,outside) dynamic interface

Notice that you will also need to add this command if you dont have it yet. It will enable traffic to enter through the "outside" interface and leave through the "outside" interface which would need to happen when VPN users access Internet through the ASA.

same-security-traffic permit intra-interface

Hope this helps

- Jouni

NAT

Hi,

Jouni, you are absolutely correct

On the other hand, for the first point, make sure you add your RADIUS server as the account server under the tunnel-group:

tunnel-group your-group general-attributes

  accounting-server-group your-RADIUS-server-group

HTH.

- Javier

New Member

Re: NAT

Hi,

Thank you,
Its working fine
Appreciate

Sent from Cisco Technical Support iPad App

Re: NAT

You are welcome

147
Views
0
Helpful
4
Replies