Policy NAT on ASA question

I have one ASA with two inside networks, and two outside internet-capable interfaces.

The insides are InsideWebSurf, and InsideCritical.

The outside interfaces are OutsideToInternet and OutsideVPNonly.

The default route goes to OutsideToInternet.

Static routes go to OutsideVPNonly.

ACLs restrict InsideWebSurf to only go to OutsideToInternet.

 InsideCritical can only launch VPNs on the OutsideVPNonly, so it can never websurf or do anything else but establis the VPNs.

So far, so good, that part works fine.

Now I want to allow Remote Access to VPN in through the OutsideVPNonly interface, and see the InsideCritical subnet.  Also, it should be able to bent-pipe onto the other VPN, and reach the remote VPN sites that InsideCritical can see.

The problem is I have to create a static route to the Remote Access PC (which goes out the OutsideVPNonly interface).

When I do this, things work.   But if the RemoteAccess PC roams to a new IP, I have to add another route statement.

Is there a way to Policy Nat my way out of this delima?

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

cisco  ASA  not officially supports PBR ...
better use the OutsideToInternet.  link for  Remote accesss VPN

Q. Can Cisco 5500 Series ASA do a Policy Based Routing (PBR) like Cisco Router? For example, mail traffic should be routed to first ISP while http traffic should be routed to the second one.

    A. Unfortunately, there is no way to do policy-based routing on the ASA at this time. It can be a feature that is added to the ASA in the future.

    Note: The route-map command is used to redistribute routes between routing protocols, such as OSPF and RIP, with the use of metrics and not to policy route regular traffic as in routers.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jimmycherAuthor Commented:
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.