In ASA I want to add the same segment pointed to a different interface.

Hi, I have a scenario here: the customer's local pool IP is 192.168.1.0/24 and I want to route this pointed to the outside interface.

But the problem is 192.168.1.0/24 is already pointed to the management interface.

Can you please guide me how to proceed further?

2 Accepted Solutions


Francesco Molino
VIP Alumni

Hi

In your scenario you'll need to NAT the source and destination networks.

I'm dropping a sample config for NAT below; the VPN is as usual:

ON ASA 1

object network COMMON-LAN
subnet 192.168.1.0 255.255.255.0
object network SOURCE-LAN-NAT
subnet 192.168.11.0 255.255.255.0
object network REMOTE-LAN-NAT
subnet 192.168.12.0 255.255.255.0

ACL CRYPTO
access-list L2L-ACL extended permit ip 192.168.11.0 255.255.255.0 192.168.1.0 255.255.255.0

NAT TRANSLATION 
nat (inside,outside) source static COMMON-LAN SOURCE-LAN-NAT destination static REMOTE-LAN-NAT COMMON-LAN

Don't forget that on the other side, the LAN for the VPN isn't 192.168.1.0 but 192.168.11.0.

Hope this is clear.

PS: Please don't forget to rate and mark as correct answer if this solved your issue 


Thanks
Francesco
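
To trace what the sample config above does to a packet, here is an added Python sketch (not part of the original post and not ASA code) that models the twice-NAT rule and the crypto ACL match that follows it. The host addresses .10 and .20 are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress

# Objects from the sample config above.
COMMON_LAN = ipaddress.ip_network("192.168.1.0/24")      # real subnet on both sides
SOURCE_LAN_NAT = ipaddress.ip_network("192.168.11.0/24")  # how ASA 1's LAN appears in the tunnel
REMOTE_LAN_NAT = ipaddress.ip_network("192.168.12.0/24")  # alias ASA 1's hosts use for the remote LAN
L2L_ACL = (SOURCE_LAN_NAT, COMMON_LAN)                    # permit ip 192.168.11.0/24 192.168.1.0/24


def static_map(addr, real, mapped):
    """Net-to-net static NAT: swap the network prefix, keep the host bits."""
    addr = ipaddress.ip_address(addr)
    if addr not in real:
        return None
    return mapped.network_address + (int(addr) - int(real.network_address))


def translate_outbound(src, dst):
    """inside -> outside on ASA 1: both halves of the twice-NAT rule must match."""
    new_src = static_map(src, COMMON_LAN, SOURCE_LAN_NAT)
    new_dst = static_map(dst, REMOTE_LAN_NAT, COMMON_LAN)
    if new_src is None or new_dst is None:
        return None  # rule does not apply to this flow
    return str(new_src), str(new_dst)


def translate_inbound(src, dst):
    """outside -> inside on ASA 1: the same rule applied in reverse."""
    new_src = static_map(src, COMMON_LAN, REMOTE_LAN_NAT)
    new_dst = static_map(dst, SOURCE_LAN_NAT, COMMON_LAN)
    if new_src is None or new_dst is None:
        return None
    return str(new_src), str(new_dst)


def matches_crypto_acl(src, dst):
    """The crypto ACL is checked against the post-NAT addresses."""
    return (ipaddress.ip_address(src) in L2L_ACL[0]
            and ipaddress.ip_address(dst) in L2L_ACL[1])


if __name__ == "__main__":
    # Constructed flow: local host .10 reaches remote host .20 via its 192.168.12.x alias.
    out = translate_outbound("192.168.1.10", "192.168.12.20")
    print("on the wire:", out, "matches L2L-ACL:", matches_crypto_acl(*out))
    print("reply as seen inside:", translate_inbound("192.168.1.20", "192.168.11.10"))
```

Local hosts have to address the remote LAN as 192.168.12.x; a packet sent to 192.168.1.x never hits the NAT rule and stays on the local segment.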
Hi, yep, you are correct, but in my scenario routing is also involved, so it takes time to approve the CR, so I recommend the customer change the subnet to 192.168.2.0/24.

OK, no problem. If you change the customer subnet, it would be easier.

Thanks 

PS: Please don't forget to rate and mark as correct answer if this solved your issue 


Thanks
Francesco