Cisco ASA Series Cli Configuration Manual page 772

Software version 9.0 for the services module

NAT for VPN
object network vpn_local
 subnet 10.3.3.0 255.255.255.0
 nat (outside,outside) dynamic interface

! Identify inside Boulder network, & perform object interface PAT when going to Internet:
object network boulder_inside
 subnet 10.1.1.0 255.255.255.0
 nat (inside,outside) dynamic interface

! Identify inside San Jose network for use in twice NAT rule:
object network sanjose_inside
 subnet 10.2.2.0 255.255.255.0

! Use twice NAT to pass traffic between the Boulder network and the VPN client without
! address translation (identity NAT):
nat (inside,outside) source static boulder_inside boulder_inside destination static vpn_local vpn_local

! Use twice NAT to pass traffic between the Boulder network and San Jose without
! address translation (identity NAT):
nat (inside,outside) source static boulder_inside boulder_inside destination static sanjose_inside sanjose_inside

! Use twice NAT to pass traffic between the VPN client and San Jose without
! address translation (identity NAT):
nat (outside,outside) source static vpn_local vpn_local destination static sanjose_inside sanjose_inside

See the following sample NAT configuration for ASA2 (San Jose):

! Identify inside San Jose network, & perform object interface PAT when going to Internet:
object network sanjose_inside
 subnet 10.2.2.0 255.255.255.0
 nat (inside,outside) dynamic interface

! Identify inside Boulder network for use in twice NAT rule:
object network boulder_inside
 subnet 10.1.1.0 255.255.255.0

! Identify local VPN network for use in twice NAT rule:
object network vpn_local
 subnet 10.3.3.0 255.255.255.0

! Use twice NAT to pass traffic between the San Jose network and Boulder without
! address translation (identity NAT):
nat (inside,outside) source static sanjose_inside sanjose_inside destination static boulder_inside boulder_inside

! Use twice NAT to pass traffic between the San Jose network and the VPN client without
! address translation (identity NAT):
nat (inside,outside) source static sanjose_inside sanjose_inside destination static vpn_local vpn_local

NAT and VPN Management Access

When using VPN, you can allow management access to an interface other than the one from which you
entered the ASA (see the management-access command). For example, if you enter the ASA from the
outside interface, the management-access feature lets you connect to the inside interface using ASDM,
SSH, Telnet, or SNMP; or you can ping the inside interface.

Cisco ASA Series CLI Configuration Guide
1-26
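
An added example, not part of the Cisco guide: a Python audit of the NAT samples above that checks every network pair carried over the VPN has an identity twice NAT rule, so the traffic is not translated by the object's dynamic interface PAT rule (on the ASA, twice NAT rules are evaluated before network object NAT rules). The function names, the tunnel_peers mapping and the sample text (the ASA2 configuration with the vpn_local exemption deliberately left out) are constructed for illustration.

```python
import re

# Constructed sample: ASA2 (San Jose) from this page, with the vpn_local exemption removed.
SAMPLE = """\
object network sanjose_inside
 subnet 10.2.2.0 255.255.255.0
 nat (inside,outside) dynamic interface
object network boulder_inside
 subnet 10.1.1.0 255.255.255.0
object network vpn_local
 subnet 10.3.3.0 255.255.255.0
nat (inside,outside) source static sanjose_inside sanjose_inside destination static boulder_inside boulder_inside
"""

TWICE = re.compile(r"^nat \((\w+),(\w+)\) source static (\S+) (\S+) destination static (\S+) (\S+)")
OBJ_PAT = re.compile(r"^\s*nat \((\w+),(\w+)\) dynamic interface")

def parse(config):
    """Return (objects that do interface PAT, identity twice NAT exemptions)."""
    pat_objects, exempt, current = {}, set(), None
    for line in config.splitlines():
        if line.startswith("object network "):
            current = line.split()[2]
        elif (m := OBJ_PAT.match(line)) and current:
            pat_objects[current] = m.groups()       # (real_if, mapped_if)
        elif (m := TWICE.match(line)):
            real_if, mapped_if, src, src_mapped, dst, dst_mapped = m.groups()
            if src == src_mapped and dst == dst_mapped:   # identity on both sides
                exempt.add((real_if, mapped_if, src, dst))
    return pat_objects, exempt

def missing_exemptions(config, tunnel_peers):
    """List (source, peer) pairs that would hit interface PAT instead of identity NAT."""
    # tunnel_peers (local object -> remote objects reached over VPN) is supplied
    # by the auditor; it is an assumption, not something read from the config.
    pat_objects, exempt = parse(config)
    gaps = []
    for src, peers in tunnel_peers.items():
        if src not in pat_objects:
            continue                                # no PAT rule to bypass
        real_if, mapped_if = pat_objects[src]
        gaps += [(src, dst) for dst in peers
                 if (real_if, mapped_if, src, dst) not in exempt]
    return gaps

if __name__ == "__main__":
    print(missing_exemptions(SAMPLE, {"sanjose_inside": ["boulder_inside", "vpn_local"]}))
```
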
Chapter 1
Information About NAT
