NAT archives - The ranting of an IT Professional

May 27 2009   4:13PM GMT

Cisco ASA - Remote access VPN users can't connect to internal resources on the same network



Posted by: Jason Tramer
ASA, Cisco, 5510, Remote Access, VPN, can't connect to internal resources on the same network, NAT

So I was working with a Cisco ASA 5510. The inside network was 10.0.0.0/24. I had created a remote access VPN policy for users and set them up to receive addresses on their inside network (10.0.0.0/24).

While the users were able to connect fine to the VPN, they were not able to ping or access any resources on the internal network. The reason I found for this is that even though they are receiving addresses on the same network as the internal LAN, the ASA still considers them part of a separate network and will try to NAT the traffic between them using your dynamic NAT rule.

The way to resolve this is to create a NAT exemption rule from your inside network to your inside network. Sounds funny, but it works.
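What that exemption looks like on the ASA, as an added example and not the configuration from the original post (pre-8.3 NAT syntax, which is what a 2009-era 5510 runs; the interface names, the ACL name "nonat" and the NAT ID 1 are assumptions chosen to match the post's 10.0.0.0/24 network):

```cisco
! Dynamic PAT for the inside LAN going out to the Internet. As the post
! describes, this rule also catches traffic between inside hosts and the
! VPN clients, because the clients sit behind the outside interface even
! though they hold 10.0.0.0/24 addresses.
global (outside) 1 interface
nat (inside) 1 10.0.0.0 255.255.255.0

! NAT exemption: inside network to inside network. nat 0 with an ACL is
! evaluated before the dynamic rule and is bidirectional, so both the
! LAN-to-client and client-to-LAN directions bypass translation.
access-list nonat extended permit ip 10.0.0.0 255.255.255.0 10.0.0.0 255.255.255.0
nat (inside) 0 access-list nonat
```

After applying it, `show nat` on the ASA lists the exemption above the dynamic rule and shows its match counters increasing once a VPN client pings an inside host.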

Hope this helps

Mar 9 2009   3:31PM GMT

ASA 5520 not Nat’ing traffic



Posted by: Jason Tramer
Cisco, ASA, NAT, ACL, Factory-default reset

A colleague of mine and I were setting up and configuring an ASA 5520. We ran through the basic setup wizard and set up the preliminary NAT and access rules and found we could get out to the Internet. The ASA itself could access Internet resources but we on the inside connection could not. So of course we double-checked our NAT rules and ACL and everything looked fine. So we figured it was a bug and did a factory-default reset and still had the same issue. After the second factory-default reset we were ready to chalk it up to hardware issues when we decided to do one more factory-default reset, and that fixed the problem. I am unsure what changed on the third reset that didn't on the first two, but since then the device has been working fine.