We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is Why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 549 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)


299 New Members signed up the last 30 days!


100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: , , , ,

Notable Replies

  1. Hi Rene,

    For this part here -

    The DNS server will be assigned to remote VPN users.

    When connected to the VPN, If the users are trying to access Internal Corporate machines via DNS name, should we provide an Internal DNS server address rather than


  2. Hi Rene,

    Congrats, very clear tutorial. What about the NAT rule to keep untranslated the traffic between internal subnets and remote VPN hosts ? Is not it needed ?

    Please advise.

    Thank you.

  3. Hi Alessandro,

    Glad to hear you like it! You will need a NAT rule to keep traffic between remote VPN users and inside hosts untranslated. You can find the config for it in this reply:

    Cisco ASA NAT untranslate


  4. Hi Rene

    Been trying to get a 9.1x VPN working for a while now, and wiped the config and started new and followed 99% of your config - internal network is, running 9.1(6) and Anyconnect 4.2.x.

    Everything checked out but unable to talk to internal network once connected. On the ASA log I see the following:-
    5 Jul 26 2016 10:25:05 38593 53 Asymmetric NAT rules matched for forward and reverse flows; Connection for udp src outside:\user) dst inside: denied due to NAT reverse path failure

    Tried adding the nat:-

    ciscoasa(config)# object network Inside
    ciscoasa(config-network-object)# subnet
    ciscoasa(config-network-object)# object network VPN
    ciscoasa(config-network-object)# subnet
    ciscoasa(config)#nat(inside,outside) source static Inside,Inside destination static VPN VPN

    and get the error

    nat (inside,outside) source static Inside,Inside destination static VPN VPN
    ERROR: % Invalid input detected at '^' marker.

    This is driving me nuts, please advise



Continue the discussion forum.networklessons.com

20 more replies