Coming from the PIX days to the ASA and now ASA 8.3 I have a hard time wrapping my head around the NATing.
I'm building a S2S VPN tunnel where I have one server that will initiated a connection across that tunnel. I would like to PAT that server to the outside interface of my ASA. So far I believe that code would look like this.
ASA(config)# object network my-inside-net ASA(config-network-object)# host 192.168.1.1 ASA(config-network-object)# nat (inside,outside) dynamic interface
But in the code above i'm PATing 192.168.1.1 to the interface regardless of it's destination. What would the code look like if I wanted to do a policy PAT and saying only overload to the interface if you are destined to the server at the other end of the tunnel.
This isn't is treat only as a VPN tunnel and it does not manage internet browsing.
No comments:
Post a Comment