Nat And Vpn Management Access - Cisco ASA Series Configuration Manual

Firewall CLI, ASA Services Module, and the Adaptive Security Virtual Appliance

Chapter 10
NAT Examples and Reference
object network vpn_local
subnet 10.3.3.0 255.255.255.0
nat (outside,outside) dynamic interface
! Identify inside Boulder network, & perform object interface PAT when going to Internet:
object network boulder_inside
subnet 10.1.1.0 255.255.255.0
nat (inside,outside) dynamic interface
! Identify inside San Jose network for use in twice NAT rule:
object network sanjose_inside
subnet 10.2.2.0 255.255.255.0
! Use twice NAT to pass traffic between the Boulder network and the VPN client without
! address translation (identity NAT):
nat (inside,outside) source static boulder_inside boulder_inside destination static vpn_local vpn_local
! Use twice NAT to pass traffic between the Boulder network and San Jose without
! address translation (identity NAT):
nat (inside,outside) source static boulder_inside boulder_inside destination static sanjose_inside sanjose_inside
! Use twice NAT to pass traffic between the VPN client and San Jose without
! address translation (identity NAT):
nat (outside,outside) source static vpn_local vpn_local destination static sanjose_inside sanjose_inside

See the following sample NAT configuration for ASA2 (San Jose):
! Identify inside San Jose network, & perform object interface PAT when going to Internet:
object network sanjose_inside
subnet 10.2.2.0 255.255.255.0
nat (inside,outside) dynamic interface
! Identify inside Boulder network for use in twice NAT rule:
object network boulder_inside
subnet 10.1.1.0 255.255.255.0
! Identify local VPN network for use in twice NAT rule:
object network vpn_local
subnet 10.3.3.0 255.255.255.0
! Use twice NAT to pass traffic between the San Jose network and Boulder without
! address translation (identity NAT):
nat (inside,outside) source static sanjose_inside sanjose_inside destination static boulder_inside boulder_inside
! Use twice NAT to pass traffic between the San Jose network and the VPN client without
! address translation (identity NAT):
nat (inside,outside) source static sanjose_inside sanjose_inside destination static vpn_local vpn_local

NAT and VPN Management Access

When using VPN, you can allow management access to an interface other than the one from which you entered the ASA (see the management-access command). For example, if you enter the ASA from the outside interface, the management-access feature lets you connect to the inside interface using ASDM, SSH, Telnet, or SNMP; or you can ping the inside interface.
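
The ordering that the ASA1 (Boulder) rules on this page rely on, as an added example that is not part of the Cisco guide: twice NAT rules are evaluated before object NAT rules, so the identity rules exempt VPN traffic from the interface PAT that Internet-bound traffic receives. The helper names `parse` and `classify` are hypothetical, and the model assumes only the two rule forms shown on this page.

```python
import ipaddress
import re

# ASA1 (Boulder) rules from this page, with wrapped nat lines joined.
ASA1 = """\
object network vpn_local
subnet 10.3.3.0 255.255.255.0
nat (outside,outside) dynamic interface
object network boulder_inside
subnet 10.1.1.0 255.255.255.0
nat (inside,outside) dynamic interface
object network sanjose_inside
subnet 10.2.2.0 255.255.255.0
nat (inside,outside) source static boulder_inside boulder_inside destination static vpn_local vpn_local
nat (inside,outside) source static boulder_inside boulder_inside destination static sanjose_inside sanjose_inside
nat (outside,outside) source static vpn_local vpn_local destination static sanjose_inside sanjose_inside
"""

TWICE = re.compile(r"nat \((\w+),(\w+)\) source static (\S+) (\S+) destination static (\S+) (\S+)$")
AUTO = re.compile(r"nat \((\w+),(\w+)\) dynamic interface$")

def parse(config):
    """Return (objects, twice_rules, auto_rules) for the two NAT forms used on this page."""
    objects, twice, auto, current = {}, [], [], None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("object network "):
            current = line.split()[2]
        elif line.startswith("subnet ") and current:
            _, addr, mask = line.split()
            objects[current] = ipaddress.ip_network(f"{addr}/{mask}")
        elif m := TWICE.match(line):
            twice.append(m.groups())
        elif (m := AUTO.match(line)) and current:
            auto.append((m.group(1), m.group(2), current))
    return objects, twice, auto

def classify(config, src, dst, real_if, mapped_if):
    """Report how a flow is translated; twice NAT is evaluated before object NAT."""
    objects, twice, auto = parse(config)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rif, mif, src_real, src_mapped, dst_mapped, dst_real in twice:
        if (rif, mif) == (real_if, mapped_if) and s in objects[src_real] and d in objects[dst_mapped]:
            return "identity" if (src_real, dst_mapped) == (src_mapped, dst_real) else "static"
    for rif, mif, obj in auto:
        if (rif, mif) == (real_if, mapped_if) and s in objects[obj]:
            return "interface-pat"
    return "no-nat"
```

Running `classify` over the flows an audit cares about (site to site, VPN client hairpin, Internet-bound) shows which ones leave the ASA untranslated and which are hidden behind the outside interface address.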
Cisco ASA Series Firewall CLI Configuration Guide
NAT for VPN