Cisco ASA 5505 Configuration Manual page 1356

Configuring AnyConnect (SSL) VPN Client Connections
Create a NAT rule so that the hosts in the Engineering VPN address pool can reach other hosts in the
Step 4
Engineering VPN address pool. Create this rule just as you created the rule in
specify the Engineering VPN address pool as both the Source address and the Destination Address in the
Match criteria: Original Packet area.
Create a NAT rule so that the Engineering VPN remote access clients can reach the "inside" network. In
Step 5
the NAT Rules pane, select Add > Add NAT Rule Before "Network Object" NAT rules so that this
rule will be processed before other rules.
In the Match criteria: Original Packet area configure these fields:
a.
Figure 64-4
In the Action: Translated Packet area, configure these fields:
b.
In the Options area, configure these fields:
c.
Cisco ASA 5500 Series Configuration Guide using ASDM
64-46
Source Interface: Any
–
Destination Interface: Any
–
Source Address: Click the Source Address browse button and create a network object that
–
represents the inside network. Define the object type as a Network of addresses. Do not add an
automatic address translation rule.
Destination Address: Click the Destination Address browse button and select the network object
–
that represents the Engineering VPN address pool.
Add inside-network object
Source NAT Type: Static
–
Source Address: Original
–
Destination Address: Original
–
Service: Original
–
Check Enable rule.
–
Uncheck or leave empty the Translate DNS replies that match this rule.
–
Direction: Both
–
Chapter 64 General VPN Setup
Step 2 except that you
OL-20339-01