Cisco ASA latest version VPN issue

In the past, I've used the following statements when setting up split-tunnel VPN clients...
ip local pool pool-clivpn 192.168.158.50-192.168.158.59 mask 255.255.255.0
access-list nat0 extended permit ip any 192.168.158.0 255.255.255.0
nat (outside) 1 192.168.158.0 255.255.255.0
nat (LANof1stFLoffice) 0 access-list nat0
nat (LANof1stFLoffice) 1 0.0.0.0 0.0.0.0
nat (LANof3rdFLoffice) 0 access-list nat0
nat (LANof3rdFLoffice) 1 0.0.0.0 0.0.0.0
But on this new ASA, which some other guys upgraded to 8.3 (latest?) (it came with the 1GB of RAM pre-installed), it told me the nat command was deprecated and these lines are no longer valid... I've read the syntax of the new nat command, but I'm not getting it, ideas to make this work?
As-is my VPN client connects, it shows the secured route to my inside IP range, but bytes received = 0 and packets bypassed = all of them - am I correct that this is because my nat bypass is not present/working?
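The NAT bypass from the post above, rewritten in the 8.3 object-based syntax. This is an added example, not part of the original post and not taken from the linked documents; the object name `obj-clivpn` is hypothetical, and it assumes the VPN clients terminate on the interface named `outside`.

```cisco
! Pre-8.3 form from the post (rejected by 8.3):
!   access-list nat0 extended permit ip any 192.168.158.0 255.255.255.0
!   nat (LANof1stFLoffice) 0 access-list nat0
!   nat (LANof3rdFLoffice) 0 access-list nat0
!
! 8.3 form: a network object for the VPN client pool subnet.
! "obj-clivpn" is a hypothetical name chosen for this example.
object network obj-clivpn
 subnet 192.168.158.0 255.255.255.0
!
! Identity ("twice") NAT: traffic from each LAN to the pool keeps its
! real source and destination addresses, which is what "nat 0" did.
! Assumes the VPN clients terminate on the interface named "outside".
nat (LANof1stFLoffice,outside) source static any any destination static obj-clivpn obj-clivpn
nat (LANof3rdFLoffice,outside) source static any any destination static obj-clivpn obj-clivpn
!
! From privileged EXEC mode, check that the rules are installed and
! watch their hit counters while a VPN client sends traffic:
show nat detail
```

Manual rules like these sit in section 1 of the 8.3 NAT table and are evaluated before the dynamic rules defined inside network objects (section 2). If the outbound dynamic rules are also written as manual rules, the identity rules must appear above them.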
aryoba (Premium, MVM, join: 2002-08-22, kudos: 1)

Simple (and probably the Correct) Approach: Have whoever upgraded the code figure that problem out. After all, anybody who plans to upgrade code on any platform should account for and be responsible for the effects that come with the upgrade, especially on a production network platform.
If the code upgrade is not yet causing an issue, the other guy that did the code upgrade (and probably you) should work as a team to figure out how to mitigate the issue; either by downgrading the code back to the old one or figuring out how to do the VPN configuration the new way using the new command properly. When the code upgrade is causing an issue already, an immediate code downgrade is suggested until a better plan is set up and well thought out.
Just my 2c
I agree with you entirely, there should have been a change control process (one that I would have used to squash the upgrade).
In the end I got my way and rolled back to a previous version where the VPN works flawlessly.
For others who care, I did find a document that tries to help explain the new nat commands: »www.cisco.com/en/US/docs/securit···#wp83968 ...although after spending more than 2 days on another unit not in the production network, I think there might be a bug that causes VPN client traffic not to work at all.
bigsy (join: 2001-07-18, UK, kudos: 1)

I have it working on ASA 8.3 with a third party VPN client (VPN Tracker 6 on Mac OS). This link is to their manual which shows the ASA configuration using both ASDM and CLI. It may help you and is a ~5MB download: »www.equinux.com/cms_components/m···oASA.pdf
Hey thanks a lot, I will try that!