asa 5510 remote access + nat

Discussion in 'Cisco' started by ted, Nov 20, 2008.

  1. ted

    ted Guest

    Hi all

    I have a problem:

    There are road warriors connecting via VPN client; they get an IP address
    from the private pool. They try to connect to other servers that are in the
    same network as the outside interface of the ASA. In one direction the
    packets go to the servers with a source address from the pool, but the
    server doesn't know where it should reply and sends its answers to the
    default gw. I think that good NAT can resolve this problem, but I am doing
    something wrong :((


    ISP - ASA - FW - LAN
    \ servers

    I try to do it this way:

    For them I make a basic filter

    vpn-filter value acl-filtr
    access-list acl-filtr line 1 extended permit tcp any some_host

    and next I have to make NAT to/via the outside interface

    access-list from_vpn_to_zone line 1 extended permit tcp vpn_host out_host

    then I make NAT

    global (outside) 3 interface
    nat (inside) 3 access-list from_vpn_to_zone

    but it doesn't work. I don't get any hits on my ACL "from_vpn_to_zone". The
    reason for that is maybe that my packet passed the 1st ACL and cannot be
    processed by the second ACL.

    Am I right?

    Could I get some clue?

    best regards
    ted, Nov 20, 2008
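
Added example, not part of ted's post: a hairpin NAT configuration consistent with the symptom described (no hits on from_vpn_to_zone), in the pre-8.3 syntax the post uses. It assumes the VPN clients terminate on the interface named outside and reuses the post's ACL and NAT ID 3; `<pool_ip>` and `<server_ip>` are placeholders.

```cisco
! Added example, not from the original post. Pre-8.3 ASA syntax.
! Assumption: remote-access VPN terminates on the interface named "outside".

! Config mode -------------------------------------------------------------

! Decrypted client traffic enters on outside and must leave on outside
! again to reach the servers, so same-interface forwarding has to be allowed.
same-security-traffic permit intra-interface

! PAT pool: the outside interface address (as in the post).
global (outside) 3 interface

! The real (source) interface of VPN client traffic is outside, not inside,
! so a nat rule bound to inside is never evaluated for these packets.
no nat (inside) 3 access-list from_vpn_to_zone
nat (outside) 3 access-list from_vpn_to_zone

! Exec mode: checks ---------------------------------------------------------

! Hit counter on the policy NAT ACL should now increase.
show access-list from_vpn_to_zone

! Translations for the pool addresses should appear here.
show xlate

! Simulated packet from a pool address to a server; the output lists each
! phase (ACL, NAT, route) and where a drop happens, if any.
packet-tracer input outside tcp <pool_ip> 1025 <server_ip> 80
```

With the pool addresses translated to the ASA's outside address, the servers reply on their own segment instead of sending the answer to their default gateway.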