Shulou(Shulou.com)06/01 Report--

one。 Description

Normally, the address pool address of anyconnect VeiPiN needs to be routed in the private network, and the route points to the inside interface address of ASA, but if the private network cannot add a route, what if the client can successfully access the private network after dialing VeiPiN?

two。 Train of thought

The inside interface address of ASA is the private network address, and the private network can be routed. Therefore, the traffic from the VeiPiN client to the intranet is translated by PAT, that is, the source address is converted to the inside interface address of ASA, so that it can communicate smoothly with the intranet.

three。 Configuration method

Because several VMWare versions of ASA9 downloaded cannot bridge communication with the host network card (sometimes it can communicate with a host network card), so it uses the ASA842 version of the simulator. The later version of ASA8.3 should not change much with NAT.

Omit the matching steps of SSL

Configuration of PAT

Nat (outside,inside) source dynamic VeiPiN interface destination static Inside-Net Inside-Net

-- VeiPiN is the pre-defined VeiPiN address pool object network

-- Inside-Net is the network segment of the predefined internal network

4. Actual verification

-it seems that no pictures have been uploaded right now.

Attachment: http://down.51cto.com/data/2366995

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.