I am having a problem with my remote access VPN. The outside interface of my ASA is being NATed with static nat the an inside server. Whenever i try to connect to my ASA through a remote access VPN, these packets are being passed to the server instead of being processed by the ASA. It is not a request from the ASA to the server which is running IAS because IAS is set to log everyything and it has not even created a log file.
Can I use my outside interface for static NAT and still VPN to it? Is there a way to not NAT on the ports using the VPN?
Where you have 2 IP's you have it backwards of the way it should be. Users should be PAT'd to the outside IP, the mail server should be using the other IP for it's NAT. You should not be using the outside interface for NAT, only PAT.
Except I don't have enough public IPs so I kind of cheated and used the network address for PAT which works fine except that I cannot apply this to an interface. So instead of changing the MX record, it is just the outside interface of the ASA.
You CAN NOT use the outside interface for NAT, you can ONLY use it for PAT. Why can't you simply swap the IP's, put the one you are using for PAT on the outside interface and use the one that is your current outside interface and use that for your mail servers NAT?
That's what I was afraid of. Damn! Its just a pain because i have to go through a parent company to have it changed and it usually takes a while.... oh well if that's what i have to do ....
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.