How to configure NAT Exemption in version 8.3 for VPN in Cisco ASA?

1) For  Point-to-point VPN

Scenario is 192.168.1.x/24 inside(ASA1)outside ===VPN_tunnel===outside(ASA2)inside 192.168.2.0/24

If you were configuring ASA1 nat exemption for this site to site VPN tunnel, it would look like this:

object network obj-local-subnet
subnet 192.168.1.0 255.255.255.0object

network obj-remote-subnet
subnet 192.168.2.0 255.255.255.0

nat (inside,outside) 1 source static obj-local-subnet obj-local-subnet destination static obj-remote-subnet obj-remote-subnet

2)For Remote access VPN

Remote VPN Topology:

192.168.10.0/24 (vpnclient pool) ===VPN_tunnel===outside(ASA1)inside 192.168.1.0/24

If you were configuring ASA1 nat exemption for this RA tunnel, it would look like this:

object network obj-vpn_ip_address_pool

subnet 192.168.10.0 255.255.255.0

nat (inside,outside) 1 source static any any destination static obj-vpn_ip_address_pool obj-vpn_ip_address_pool

 

Related Posts: