<div>
<div class="content wysiwyg-content">
I have one ASA with two inside networks, and two outside internet-capable interfaces. 
 
The insides are InsideWebSurf, and InsideCritical. 
 
The outside interfaces are OutsideToInternet and OutsideVPNonly. 
 
 
 
The default route goes to OutsideToInternet. 
 
Static routes go to OutsideVPNonly. 
 
 
 
ACLs restrict InsideWebSurf to only go to OutsideToInternet. 
 
&nbsp;InsideCritical can only launch VPNs on the OutsideVPNonly, so it can never websurf or do anything else but establis the VPNs. 
 
 
 
So far, so good, that part works fine. 
 
 
 
Now I want to allow Remote Access to VPN in through the OutsideVPNonly interface, and see the InsideCritical subnet. &nbsp;Also, it should be able to bent-pipe onto the other VPN, and reach the remote VPN sites that InsideCritical can see. 
 
 
 
The problem is I have to create a static route to the Remote Access PC (which goes out the OutsideVPNonly interface). 
 
When I do this, things work. &nbsp; But if the RemoteAccess PC roams to a new IP, I have to add another route statement. 
 
 
 
Is there a way to Policy Nat my way out of this delima? 
 
 
 
Thanks.
</div>
</div>

I have one ASA with two inside networks, and two outside internet-capable interfaces.

The insides are InsideWebSurf, and InsideCritical.

The outside interfaces are OutsideToInternet and OutsideVPNonly.



The default route goes to OutsideToInternet.

Static routes go to OutsideVPNonly.



ACLs restrict InsideWebSurf to only go to OutsideToInternet.

 InsideCritical can only launch VPNs on the OutsideVPNonly, so it can never websurf or do anything else but establis the VPNs.



So far, so good, that part works fine.



Now I want to allow Remote Access to VPN in through the OutsideVPNonly interface, and see the InsideCritical subnet.  Also, it should be able to bent-pipe onto the other VPN, and reach the remote VPN sites that InsideCritical can see.



The problem is I have to create a static route to the Remote Access PC (which goes out the OutsideVPNonly interface).

When I do this, things work.   But if the RemoteAccess PC roams to a new IP, I have to add another route statement.



Is there a way to Policy Nat my way out of this delima?



Thanks.

Policy NAT on ASA question

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.