[c-nsp] ASA 5505 NAT and asymmetric routing
Bruce Pinsky
bep at whack.org
Mon Oct 8 16:40:01 EDT 2012
Matthew DeSantos wrote:
> This is the problem I'm having. The public servers aren't behind the asa
> and have to be reached via the internet. I'm trying to keep the public side
> public and the private (internal) stuff private.
>
In recent versions of the ASA software, you can do conditional NAT'ing.
For example, I don't apply NAT when traffic is destined to my AnyConnect
VPN clients.

access-list inside_nat0_outbound extended permit ip object Inside-Network object VPN-Anyconnect-1
nat (inside,any) source static Inside-Network Inside-Network destination static VPN-Anyconnect-1 VPN-Anyconnect-1 no-proxy-arp

Seeing it in ASDM makes it a lot clearer.
--
=========
bep
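
Added example, not part of the original message: the posted nat line placed in context for ASA 8.3+ syntax, with the two network objects it references, a general PAT rule that it makes an exception to, and commands to check which rule a flow hits. The subnets, the "outside" interface name, the PAT rule and the test addresses are assumptions constructed for illustration.

```text
! Constructed example: subnets and the "outside" interface name are assumed.
object network Inside-Network
 subnet 192.168.10.0 255.255.255.0
object network VPN-Anyconnect-1
 subnet 192.168.50.0 255.255.255.0
!
! Section 1 (manual / twice NAT), evaluated first: inside hosts talking to
! the VPN pool keep their real addresses, so the condition is the destination.
nat (inside,any) source static Inside-Network Inside-Network destination static VPN-Anyconnect-1 VPN-Anyconnect-1 no-proxy-arp
!
! Section 2 (object NAT), evaluated afterwards: all other traffic from the
! inside network is hidden behind the outside interface address.
object network Inside-Network
 nat (inside,outside) dynamic interface
!
! Verification from privileged EXEC (addresses are constructed):
!   show nat detail
!   packet-tracer input inside tcp 192.168.10.10 49152 192.168.50.10 443 detailed
!   packet-tracer input inside tcp 192.168.10.10 49152 203.0.113.10 443 detailed
```

In the packet-tracer output, the NAT phase names the rule that matched, so the first trace should point at the static identity rule and the second at the dynamic interface rule.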