Cisco Support Community

U-turn on ASA 8.3

Hi,

I have this client that needs to configure u-turn for the VPN client traffic to get out to the Internet on the ASA.

I have done this on previous versions, i.e. (assuming the VPN pool is 192.168.1.x):

nat (outside) 5 192.168.1.0 255.255.255.0 outside
global (outside) 5 interface
same-security-traffic permit intra-interface

My question is in 8.3

How is the NAT migration for the above configuration to work on 8.3?

Thank you,


Federico.

3 REPLIES

Re: U-turn on ASA 8.3

Don't worry, finally figured it out.

For the VPN pool: 192.168.115.x

object network obj-192.168.115.0
 nat (outside,outside) dynamic interface

Federico.

Re: U-turn on ASA 8.3

Hi,

On this same question...

I'm trying to block certain web sites for the remote VPN clients on the ASA using MPF.

Sample config:

regex block1 "facebook\.com"

class-map type inspect http match-any block-url-class
 match request header host regex block1

policy-map type inspect http block-url-policy
 parameters
 class block-url-class
  drop-connection log

policy-map global_policy
 class inspection_default
  inspect http block-url-policy

service-policy global_policy global

This works for internal users, but not for the remote VPN clients that terminate on the ASA and then are rerouted to the Internet by the ASA.

Does the application inspection not apply for u-turn traffic like this? Is there a way to make it work?

Thank you,

Federico.

Re: U-turn on ASA 8.3

I needed to apply the service-policy to the outside interface and not "global".

Federico.
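
The fix reported in the last reply can be turned into a configuration audit. The following is an added example, not code from the thread: a Python check that finds interfaces with 8.3-style hairpin NAT (`nat (x,x)`) and reports those with no interface-scoped `service-policy` carrying `inspect http`. The sample configs are constructed from the snippets posted above, and the function names and the exact form of the corrected `service-policy` line are assumptions.

```python
import re

# Constructed sample config, assembled from the snippets posted in this thread.
SAMPLE_CONFIG = """\
same-security-traffic permit intra-interface
object network obj-192.168.115.0
 nat (outside,outside) dynamic interface
policy-map type inspect http block-url-policy
 parameters
 class block-url-class
  drop-connection log
policy-map global_policy
 class inspection_default
  inspect http block-url-policy
service-policy global_policy global
"""
# Constructed variant: same policy-map bound to the outside interface (assumed form of the fix).
FIXED_CONFIG = SAMPLE_CONFIG.replace(
    "service-policy global_policy global", "service-policy global_policy interface outside")

def hairpin_interfaces(config):
    """Interfaces that have a NAT rule whose real and mapped interface are the same."""
    pairs = re.findall(r"^[ \t]*nat \(([^,)]+),([^,)]+)\)", config, re.M)
    return {real for real, mapped in pairs if real == mapped}

def http_inspect_policy_maps(config):
    """Names of layer 3/4 policy-maps that contain an 'inspect http' action."""
    names, current = set(), None
    for line in config.splitlines():
        if not line.startswith(" "):  # top-level command opens or closes a block
            m = re.match(r"policy-map (?!type )(\S+)", line)
            current = m.group(1) if m else None
        elif current and line.strip().startswith("inspect http"):
            names.add(current)
    return names

def interface_policies(config):
    """Map interface name -> policy-map bound via 'service-policy <map> interface <if>'."""
    return {i: p for p, i in re.findall(r"^service-policy (\S+) interface (\S+)", config, re.M)}

def uncovered_hairpin_interfaces(config):
    """Hairpin interfaces with no interface-scoped policy that inspects HTTP."""
    inspected = http_inspect_policy_maps(config)
    bound = interface_policies(config)
    return sorted(i for i in hairpin_interfaces(config) if bound.get(i) not in inspected)

if __name__ == "__main__":
    print("global only:", uncovered_hairpin_interfaces(SAMPLE_CONFIG))
    print("interface  :", uncovered_hairpin_interfaces(FIXED_CONFIG))
```

The check only recognises the 8.3 `nat (real,mapped)` syntax, so the pre-8.3 `nat (outside) 5 ... outside` form from the first post is not detected.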
