ASA 5510 remote access + NAT

Hi all

I have a problem:

There are road warriors connecting via VPN client; they get an IP address from the private pool. They try to connect to other servers that are in the same network as the outside interface of the ASA. In one direction, packets go to the servers with a source address from the pool, but the server doesn't know where it should reply and sends its answers to the default gw. I think that good NAT can resolve this problem, but I am doing something wrong :((

schema: ISP - ASA - FW - LAN \\ servers

I try to do it this way:

For them I make a basic filter

e.g.:
vpn-filter value acl-filtr
access-list acl-filtr line 1 extended permit tcp any some_host

and next I have to make NAT to/via the outside interface

e.g.:
access-list from_vpn_to_zone line 1 extended permit tcp vpn_host out_host

then I make NAT

e.g.:
global (outside) 3 interface
nat (inside) 3 access-list from_vpn_to_zone

but it doesn't work. I don't get any hits on my ACL "from_vpn_to_zone". The reason for that is maybe that my packet passed the 1st ACL and cannot be processed by the second ACL.

Am I right?

Could I get some clue?

Thanks, best regards,
Ted
