applying NAT (port-map) on VPN clients

Hi. 

I have ASA 9.x with 2 IKEv1 site-to-site VPNs to 2 branches. I have also a web server inside the main office that services the web requests sent to TCP 8080. clients which access this web server are inside the main office as well as the branches. the IP addresses of the branch clients has been assigned to them bu their local DHCP server. I want to use NAT (port-mapping) on ASA so the clients reside inside the branch offices can acccess the internal web site without adding the 8080 to their URL. I used something like this on ASA but it didn't worked:

 

nat (inside,any) source static WEBSERVER WEBSERVER service WEB_PORT WEB_PORT_MAPPED

!

object network WEBSERVER

 host 10.1.1.127

object service WEB_PORT

 service tcp source eq 8080 

object service WEB_PORT_MAPPED

 service tcp source eq www 

 

how can we apply this and generally a NAT on VPN clients?

Comments

  • Hi;

     

    I tested the config and it worked fine in this case, becasue I chosed "any" as output interface in NAT configuration. But if we need to point to the vpn traffic in nat, which interface do we need to write in NAT configuration? 

Sign In or Register to comment.