asa 5510 remote access + nat

Discussion in 'Cisco' started by ted, Nov 20, 2008.

  1. ted

    ted Guest

    Hi all

    I have a problem:

    There are road warriors via VPN client; they get an IP address from the
    private pool. They try to connect to other servers that are in the same
    network as the outside interface of the ASA. In one direction, packets go to the servers
    with a source address from the pool, but the server doesn't know where it should
    reply and sends the answers to the default gw. I think that a good NAT can resolve
    this problem, but I make something wrong :((


    schema:

    ISP - ASA - FW - LAN
        \ servers

    I try to do it this way:

    For them I make a basic filter

    e.g:
    vpn-filter value acl-filtr
    access-list acl-filtr line 1 extended permit tcp any some_host

    and next I have to make NAT to/via the outside interface

    e.g:
    access-list from_vpn_to_zone line 1 extended permit tcp vpn_host out_host


    then I make NAT

    e.g:
    global (outside) 3 interface
    nat (inside) 3 access-list from_vpn_to_zone


    but it doesn't work. I don't get any hits on my ACL "from_vpn_to_zone". The
    reason for that is maybe that my packet passed the 1st ACL and cannot be
    processed by the second ACL.

    Am I right?

    Could I get some clue?

    Thanks
    best regards
    Ted
     
    ted, Nov 20, 2008
    #1
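An added configuration example, not from the thread, showing where the policy NAT would have to be bound for this setup; it assumes pre-8.3 ASA NAT syntax and uses constructed addresses (172.16.50.0/24 for the VPN pool, 203.0.113.0/24 for the servers on the outside segment). Decrypted VPN-client traffic enters the ASA on the outside interface, so a NAT rule bound to inside never sees it, which is consistent with the ACL getting no hits.

```cisco
! Added example, not the poster's config. Addresses are constructed placeholders:
!   172.16.50.0/24  = VPN client pool
!   203.0.113.0/24  = servers on the same segment as the outside interface
!
! VPN-client packets arrive decrypted on "outside" and must leave through "outside"
! again to reach those servers, so intra-interface (u-turn) traffic must be allowed.
same-security-traffic permit intra-interface
!
! Policy NAT match: VPN pool -> servers. The vpn-filter ACL is a separate, earlier
! check (it decides what the client may reach); this ACL only selects what to translate.
access-list from_vpn_to_zone extended permit tcp 172.16.50.0 255.255.255.0 203.0.113.0 255.255.255.0
!
! Bind the policy NAT to the interface the traffic actually enters on (outside, not inside)
! and translate it to the outside interface address. The servers then reply to the ASA's
! own address on their local segment instead of sending the answer to their default gateway.
global (outside) 3 interface
nat (outside) 3 access-list from_vpn_to_zone
!
! Checks: the ACL hit counter should now increment, packet-tracer should show a NAT phase
! for a pool address talking to a server, and an xlate entry should appear for it.
show access-list from_vpn_to_zone
packet-tracer input outside tcp 172.16.50.10 1025 203.0.113.20 443
show xlate
```

Clients outside the translated set keep their pool addresses, so anything else the vpn-filter permits still needs a route back to the pool on the server side.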