
Welcome to Cisco Firewalls Community


Beginner

S2S ASA

Hi All:

 

What steps do I need for the below scenario to happen? I want to have a site-to-site connection, but instead of having private addresses via the tunnel, I will have one side have a private address being NATed via static NAT, and then that static public IP address will be the interested host for the other remote side to talk to, which will also be a public IP address. What would be the flow of my configuration?

Will the flow be this?

1) Translate the private address to the static address

2) Create a rule from inside to outside (in this case, the private address to the remote site public address)

3) Create a rule from outside to inside (in this case, the remote site public address to my inside address static NAT)

4) The crypto traffic or the "interested traffic" on my side will be my public static address to the public remote IP address

5) No NAT exempt in this case?

Is this flow correct or am I missing something?

VIP Advisor

Re: S2S ASA

At a high level, I follow the same steps:

Here is a guide, in case you do not have one on hand, to create one. For any issue, post with logs and configuration.

 

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/119141-configure-asa-00.html

BB
*** Rate All Helpful Responses ***
Beginner

Re: S2S ASA

Hi:

 

Thanks for the feedback. I am familiar with that configuration, but my question was: what if the interesting traffic that goes in the tunnel is a public IP address instead? How would that work?
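
The scenario asked about in this thread, sketched as an added configuration example that is not from any poster or from the linked Cisco guide. It assumes ASA 8.3 or later with IKEv1; every address is a documentation-range placeholder and every object, ACL and crypto map name is hypothetical.

```cisco
! Constructed example. Local host: 10.1.1.10 (real) / 203.0.113.10 (mapped).
! Remote host: 198.51.100.20. Remote VPN peer: 198.51.100.1.

! Step 1: static NAT of the private host to its public address.
object network LOCAL-HOST-REAL
 host 10.1.1.10
 nat (inside,outside) static 203.0.113.10

! Step 4: the crypto ACL uses the mapped (post-NAT) source, because the ASA
! translates the outbound packet before matching it against the crypto map.
access-list VPN-INTERESTING extended permit ip host 203.0.113.10 host 198.51.100.20

! Steps 2-3: interface ACLs on 8.3+ reference the real (private) address.
! OUTSIDE-IN is only evaluated for decrypted tunnel traffic if
! "sysopt connection permit-vpn" (enabled by default) has been turned off.
access-list INSIDE-IN extended permit ip host 10.1.1.10 host 198.51.100.20
access-list OUTSIDE-IN extended permit ip host 198.51.100.20 host 10.1.1.10
access-group INSIDE-IN in interface inside
access-group OUTSIDE-IN in interface outside

! Step 5: no NAT exemption (identity NAT) rule for this host toward the
! remote host, since the translation is what the tunnel is meant to carry.

crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
crypto ikev1 enable outside

crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address VPN-INTERESTING
crypto map OUTSIDE-MAP 10 set peer 198.51.100.1
crypto map OUTSIDE-MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP interface outside

tunnel-group 198.51.100.1 type ipsec-l2l
tunnel-group 198.51.100.1 ipsec-attributes
 ikev1 pre-shared-key <PRE-SHARED-KEY>
```

The remote side's crypto ACL has to mirror this one (198.51.100.20 to 203.0.113.10), otherwise the proxy identities will not match during phase 2. Once the tunnel is up, `show crypto ipsec sa` should list 203.0.113.10 as the local ident, which confirms the translated address is what is being encrypted.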