12-18-2014 09:24 AM - edited 03-11-2019 10:14 PM
So, I have been presented with an interesting challenge. I would prefer using an internal Linux host to solve this, but my manager is convinced the ASA can do this. Hope this is the correct group. This is a NAT and routing question.
We have two VPN tunnels. One goes to Company X and connects to our internal network. Let's call the internal network 10.10.5.0 /24. That internal network can connect over the VPN tunnel to Company X, allowing only a single IP address in a /30 subnet on the inside of Company X that we can connect to (10.109.1.253). The kicker is that Company X will only allow a single VPN tunnel from our company.
The 2nd tunnel is coming from
Or should I simply route requests coming from Company Y (10.120.136.0 /24
Or would the best solution simply have users in 10.120.136.0 (Company Y) hit a Linux box at 10.10.5.145 (our internal network), and the
Thoughts?
12-18-2014 09:52 AM
You can easily solve that with
12-18-2014 12:44 PM
Karsten,
Thanks much for the response. I have the option "same-security-traffic permit intra-interface" already enabled.
I guess I am being daft about the policy NAT. Looking over the link I
Much thanks in advance.
12-18-2014 01:12 PM
I think I found an example that may work for my situation. Thanks.
Will give it a shot.
---
Any examples would be appreciated on how to translate incoming IP addresses from the 10.120.139.0 /24 subnet to an internal 10.10.5.145 IP and have them route or NAT over to the 10.109.1.253 /32 IP, so everything on the 10.109.1.253 address will see all traffic originating from 10.120.139.0 /24 as really coming from 10.10.5.145?
Thanks.
12-18-2014 01:48 PM
Tried the following but with no luck. From the IP of 10.120.139.12, I cannot ping 10.10.5.145 which should NAT over to the other VPN IP of 10.109.1.253.
I am certain I am just missing something:
Based on
12-18-2014 01:59 PM
The nat-rule looks fine, but is it in the right order? It's very likely that it has to be above other rules in NAT-section1.
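For readers following the thread, a sketch of the hairpin policy NAT being discussed, including the rule-order point raised above. This is an added example, not a configuration posted by anyone in this thread. It assumes ASA 8.3 or later (twice NAT syntax), that both tunnels terminate on an interface named `outside`, that Company Y hosts address 10.109.1.253 directly, and hypothetical object names.

```cisco
! Already enabled per the thread: lets traffic enter and leave the same interface
same-security-traffic permit intra-interface
!
! Hypothetical object names; addresses are the ones quoted in the thread
object network OBJ-COMPANY-Y
 subnet 10.120.139.0 255.255.255.0
object network OBJ-PAT-ADDR
 host 10.10.5.145
object network OBJ-COMPANY-X-HOST
 host 10.109.1.253
!
! Twice NAT in section 1. The "1" inserts the rule at the top of the section,
! so a broader rule (for example a VPN identity NAT) cannot match first.
! Source: Company Y subnet is PATed to 10.10.5.145.
! Destination: 10.109.1.253 is left untranslated (identity).
nat (outside,outside) 1 source dynamic OBJ-COMPANY-Y OBJ-PAT-ADDR destination static OBJ-COMPANY-X-HOST OBJ-COMPANY-X-HOST
!
! Check the rule's position in section 1 and watch its hit counters
! while a host in 10.120.139.0/24 sends traffic to 10.109.1.253
show nat detail
show running-config nat
```

The crypto ACLs still have to agree with the translation: the Company Y tunnel must carry 10.120.139.0/24 to 10.109.1.253, and the Company X tunnel must carry the post-NAT source 10.10.5.145 to 10.109.1.253.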