Leadtheway

Configure Identity NAT ASA 8.2.3

Have an ASA running 8.2.3, set up remote access VPN and am using the Windows built-in client to access it. I get connected and get an IP either by DHCP or by creating an address pool; either works, but I can't access anything on the network. I was told I need identity NAT because the addresses are getting NATted before they traverse back to the VPN client. But I'm not sure how to set it up; either CLI or ASDM access is available. Attached is the config. Thanks.
BKKASA-scrub.txt
Marius Gunnerud

You would need to do something like this:

object network LOCAL_NET
subnet 10.10.10.0 255.255.255.0

object network REMOTE_NET
subnet 11.11.11.0 255.255.255.0

nat (inside,outside) source static LOCAL_NET LOCAL_NET destination static REMOTE_NET REMOTE_NET
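
The `object network` and `nat (inside,outside) source static` commands are the NAT syntax of ASA 8.3 and later; on 8.2.x the same exemption is written as `nat 0` with an access list. The following is an added example, not part of the original thread: the ACL name `NONAT_VPN` is hypothetical, the subnets are the placeholders from the answer (with 11.11.11.0/24 assumed to be the VPN client pool), and the test host addresses are constructed.

```cisco
! ASA 8.2.x NAT exemption (pre-8.3 syntax). NONAT_VPN is a hypothetical ACL name.
! Assumed: 10.10.10.0/24 = inside LAN, 11.11.11.0/24 = VPN client pool.

! Match only LAN-to-VPN-pool traffic; keep the ACL this narrow so that
! nothing else bypasses translation.
access-list NONAT_VPN extended permit ip 10.10.10.0 255.255.255.0 11.11.11.0 255.255.255.0

! NAT ID 0 with an ACL exempts matching traffic from translation when it
! leaves the inside interface.
nat (inside) 0 access-list NONAT_VPN

! Verification
show running-config nat
! Hit counters on the ACL should increase while a VPN client is sending traffic.
show access-list NONAT_VPN
! Simulate LAN host -> VPN client (constructed addresses); the flow should
! match the nat 0 rule rather than a dynamic translation.
packet-tracer input inside icmp 10.10.10.10 8 0 11.11.11.10 detailed
```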

ASKER

OK, maybe this is the problem then: the pool that we created for VPN users is on the same subnet as the LAN.

If you issue the management-access inside command on the ASA, are you able to ping the inside interface of the ASA when connected to the VPN?

Even if the address pool is the same as the local network, you will still need to have an Identity NAT configured when there is NATing between the interfaces.

Can ping a server by IP but not by DNS.

If you do an nslookup for the DNS name, what IP is returned, and from which DNS server do you get the IP?

I think the pool has a static DNS assigned.
ASKER CERTIFIED SOLUTION
Marius Gunnerud