https://community.cisco.com/t5/network-security/l2l-with-single-address/m-p/2054190#M438288 <HTML><HEAD></HEAD><BODY><P>Hi Hamad,</P><P></P><P>Please include the packet-tracer output.</P><P></P><P>packet-tracer input inside icmp 192.168.1.50 8 0 10.5.225.10 detail</P><P></P><P>Thanks.</P><P></P><P>Portu. <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P></BODY></HTML> Mon, 24 Sep 2012 18:50:30 GMT Javier Portuguez 2012-09-24T18:50:30Z https://community.cisco.com/t5/network-security/l2l-with-single-address/m-p/2054189#M438287 <P>I know this has been asked a million times on the internet and for the life of me i can't figure out what seems to be happening here. </P><P><BR style="font-size: 14px; font-family: 'Droid Serif', Georgia, 'Times New Roman', serif; color: #222222; line-height: 23px; background-color: #ffffff;" /></P><P>I have multiple networks on an ASA and we are now requested to setup a site to site with a vendor. In my past experience, i have always done site to site with NO NAT however the vendor requires us to pass all traffic from our inside networks (overlapping) to NAT address of single host 192.168.148.x </P><P><BR style="font-size: 14px; font-family: 'Droid Serif', Georgia, 'Times New Roman', serif; color: #222222; line-height: 23px; background-color: #ffffff;" /></P><P>Everytime i am adding static (inside,outside) 192.168.140.x access-list policy-nat</P><P>I keep getting global address overlaps mask. Here is more details of what i am looking for: </P><P><BR style="font-size: 14px; font-family: 'Droid Serif', Georgia, 'Times New Roman', serif; color: #222222; line-height: 23px; background-color: #ffffff;" /></P><P>Inside range: 192.168.0.x / 24, 10.100.0.x/22</P><P>Destination host: 10.5.225.x</P><P>Provider requested NAT: 192.168.148.x</P><P><BR style="font-size: 14px; font-family: 'Droid Serif', Georgia, 'Times New Roman', serif; color: #222222; line-height: 23px; background-color: #ffffff;" /></P><P>Here is the config i have on my end, any help would be appreciated: </P><P><BR style="font-size: 14px; font-family: 'Droid Serif', Georgia, 'Times New Roman', serif; color: #222222; line-height: 23px; background-color: #ffffff;" /></P><P>access-list VPN-TO-VENDOR extended permit ip host 192.168.148.x host 10.5.225.x </P><P>access-list policynat extended permit ip 192.168.0.0 255.255.255.0 host 10.5.225.x</P><P></P><P>Phase 2 is completed however no traffic is passing. When checking the ACL's there is no hit count either. I have tried to use static (inside,outside) 192.168.148.x access-list policynat and i keep getting global address overlaps mask. I am stuck any help would be appreciated. </P> Mon, 11 Mar 2019 23:58:26 GMT https://community.cisco.com/t5/network-security/l2l-with-single-address/m-p/2054189#M438287 hamadriaz1 2019-03-11T23:58:26Z https://community.cisco.com/t5/network-security/l2l-with-single-address/m-p/2054190#M438288 <HTML><HEAD></HEAD><BODY><P>Hi Hamad,</P><P></P><P>Please include the packet-tracer output.</P><P></P><P>packet-tracer input inside icmp 192.168.1.50 8 0 10.5.225.10 detail</P><P></P><P>Thanks.</P><P></P><P>Portu. <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P></BODY></HTML> Mon, 24 Sep 2012 18:50:30 GMT https://community.cisco.com/t5/network-security/l2l-with-single-address/m-p/2054190#M438288 Javier Portuguez 2012-09-24T18:50:30Z