How to configure NAT Exemption in version 8.3 for VPN in Cisco ASA?
1) For Point-to-point VPN
The scenario is: 192.168.1.x/24 inside(ASA1)outside ===VPN_tunnel===outside(ASA2)inside 192.168.2.0/24
If you were configuring NAT exemption on ASA1 for this site-to-site VPN tunnel, it would look like this:
object network obj-local-subnet
 subnet 192.168.1.0 255.255.255.0
object network obj-remote-subnet
 subnet 192.168.2.0 255.255.255.0
nat (inside,outside) 1 source static obj-local-subnet obj-local-subnet destination static obj-remote-subnet obj-remote-subnet
2) For Remote access VPN
Remote VPN Topology:
192.168.10.0/24 (vpnclient pool) ===VPN_tunnel===outside(ASA1)inside 192.168.1.0/24
If you were configuring NAT exemption on ASA1 for this remote access (RA) tunnel, it would look like this:
object network obj-vpn_ip_address_pool
 subnet 192.168.10.0 255.255.255.0
nat (inside,outside) 1 source static any any destination static obj-vpn_ip_address_pool obj-vpn_ip_address_pool
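
An offline check for both configurations above, as an added example that is not part of the original page: this Python script parses the object and nat lines and reports whether a given flow matches an identity (exemption) rule. The function names and the sample config string are assumptions for illustration, and it handles only subnet objects and "source static ... destination static ..." rules in the form shown on this page.

```python
import ipaddress
import re

# Constructed sample: the site-to-site configuration from this page.
SAMPLE_CONFIG = """\
object network obj-local-subnet
 subnet 192.168.1.0 255.255.255.0
object network obj-remote-subnet
 subnet 192.168.2.0 255.255.255.0
nat (inside,outside) 1 source static obj-local-subnet obj-local-subnet destination static obj-remote-subnet obj-remote-subnet
"""

# Manual (twice) NAT rule with static source and static destination.
NAT_RE = re.compile(
    r"^nat \(\S+,\S+\)(?: \d+)? source static (\S+) (\S+) "
    r"destination static (\S+) (\S+)")

def parse_objects(config):
    """Map each 'object network' name to its subnet; 'any' matches all IPv4."""
    objects = {"any": ipaddress.ip_network("0.0.0.0/0")}
    name = None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("object network "):
            name = line.split()[2]
        elif line.startswith("subnet ") and name:
            _, addr, mask = line.split()
            objects[name] = ipaddress.ip_network(f"{addr}/{mask}")
    return objects

def exemption_rules(config):
    """Return (source_net, destination_net) for each identity twice-NAT rule."""
    objects = parse_objects(config)
    rules = []
    for line in config.splitlines():
        m = NAT_RE.match(line.strip())
        if not m:
            continue
        src_a, src_b, dst_a, dst_b = m.groups()
        # Exemption means no translation: the same object appears twice per side.
        identity = src_a == src_b and dst_a == dst_b
        if identity and src_a in objects and dst_a in objects:
            rules.append((objects[src_a], objects[dst_a]))
    return rules

def is_exempt(config, src_ip, dst_ip):
    """True if src_ip -> dst_ip falls inside an identity twice-NAT rule."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return any(src in s and dst in d for s, d in exemption_rules(config))
```

Running is_exempt against a saved configuration before a change window shows whether VPN-bound traffic would bypass translation while Internet-bound traffic from the same hosts would not.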