06-16-2016 07:28 PM - edited 03-12-2019 12:54 AM
Hi I have scenario here customers local pool ip is 192.168.1.0/24 I want to route this pointed to outside interface .
but the problem is 192.168.1.0/24 is already pointed to management interface.
can you please guide me hoew to proceed further .
Solved! Go to Solution.
06-16-2016 09:32 PM
Hi
In your scenario you'll need to nat source and destination network.
I drop below a sample config for nat, vpn is add usual :
ON ASA 1
object network COMMON-LAN
subnet 192.168.1.0 255.255.255.0
object network SOURCE-LAN-NAT
subnet 192.168.11.0 255.255.255.0
object network REMOTE-LAN-NAT
subnet 192.168.12.0 255.255.255.0
ACL CRYPTO
access-list L2L-ACL extended permit ip 192.168.11.0 255.255.255.0 192.168.1.0 255.255.255.0
NAT TRANSLATION
nat (inside,outside) source static COMMON-LAN SOURCE-LAN-NAT destination static REMOTE-LAN-NAT COMMON-LAN
Don't forget that on the other side, the lan for vpn isn't 192.168.1.0 but 192.168.11.0
Hope this clear
PS: Please don't forget to rate and mark as correct answer if this solved your issue
06-28-2016 04:11 AM
Ok no problem. If you change the customer subnet it would be easier.
Thanks
PS: Please don't forget to rate and mark as correct answer if this solved your issue
06-16-2016 09:32 PM
Hi
In your scenario you'll need to nat source and destination network.
I drop below a sample config for nat, vpn is add usual :
ON ASA 1
object network COMMON-LAN
subnet 192.168.1.0 255.255.255.0
object network SOURCE-LAN-NAT
subnet 192.168.11.0 255.255.255.0
object network REMOTE-LAN-NAT
subnet 192.168.12.0 255.255.255.0
ACL CRYPTO
access-list L2L-ACL extended permit ip 192.168.11.0 255.255.255.0 192.168.1.0 255.255.255.0
NAT TRANSLATION
nat (inside,outside) source static COMMON-LAN SOURCE-LAN-NAT destination static REMOTE-LAN-NAT COMMON-LAN
Don't forget that on the other side, the lan for vpn isn't 192.168.1.0 but 192.168.11.0
Hope this clear
PS: Please don't forget to rate and mark as correct answer if this solved your issue
06-27-2016 09:24 PM
Hi Yep you are correct but my scenario routing also involved so it takes time to approve the cr so I recommend customer to change the subnet to 192.168.2.0/24
06-28-2016 04:11 AM
Ok no problem. If you change the customer subnet it would be easier.
Thanks
PS: Please don't forget to rate and mark as correct answer if this solved your issue
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide