Hi all,
I have a problem:
There are road warriors connecting via VPN client; they get an IP address from the private pool. They try to connect to other servers that are in the same network as the outside interface of the ASA. In one direction the packet goes to the servers with a source address from the pool, but the server doesn't know where it should reply and sends its answers to the default gateway. I think that a good NAT can resolve this problem, but I am doing something wrong :((
schema: ISP - ASA - FW - LAN \\ servers
I tried to do it this way:
For them I made a basic filter,
e.g.: vpn-filter value acl-filtr, access-list acl-filtr line 1 extended permit tcp any some_host
and next I have to make a NAT to/via the outside interface,
e.g.: access-list from_vpn_to_zone line 1 extended permit tcp vpn_host out_host
then I make the NAT,
e.g.: global (outside) 3 interface, nat (inside) 3 access-list from_vpn_to_zone
but it doesn't work. I don't get any hits on my ACL "from_vpn_to_zone". The reason for that is maybe that my packet passed the 1st ACL and cannot be processed by the second ACL.
Am I right?
Could I get some clue?
Thanks, best regards, Ted