Cisco ASA - NATing incoming Remote Access connections to inside network
Posted on 2006-04-19
Does anyone know if you can set up a PAT for remote access clients coming into the ASA server for traffic destined inside the network? I have an ASA 5510 that is going to require 4 VPN clients coming in; to avoid internal routing changes, etc., is it possible or even advisable to try to have a PAT for the VPN clients to appear on the inside of the network, PATing from the ASA's internal interface? So far, in trying to do this with NATing or a Policy NAT, I haven't been able to make it work. Just doing an ICMP ping to the first-hop router inside the network, on the segment that the ASA's internal interface is on, I get the following:
Built dynamic ICMP translation from Outside:10.1.1.1/768 to Inside(Outside_pnat_inbound):10.100.0.1/1
followed by this for every ping attempt:
No translation group found for icmp src Outside:10.1.1.1 dst Inside:10.100.0.1 (type8, code 0)
It looks to me like it is setting up the translation, judging by the first log message, but then the subsequent messages look like it is failing.
Any info or advice on this approach is appreciated! I am new to working with the ASA, so perhaps my approach is fundamentally flawed; I'm open to any recommendations on the best way to handle this.