
Site to Site VPN on NAT Address

Hi guys.

I just have 2 questions...

Is it possible to use a NAT address (rather than the physical) for a site to site VPN?

Following on from this - is it possible on 1 firewall to have 2 VPN IP addresses listening, terminating 1 VPN each?

e.g.

Firewall A Physical Address 1.1.1.1

Firewall B Physical Address 2.2.2.2

Firewall C Physical Address 3.3.3.3

Firewall C NAT Address 4.4.4.4

Firewall C NAT Address 5.5.5.5

Firewall A 1.1.1.1 -> VPN -> Firewall B VPN 4.4.4.4

Firewall B 2.2.2.2 -> VPN -> Firewall B VPN 5.5.5.5

Thanks.

Mike

2 REPLIES

Site to Site VPN on NAT Address

Hello.

Not sure if it's possible.

Could you please clarify why you need such a configuration?

VIP Advocate

Site to Site VPN on NAT Address

Is it possible to use a NAT address (rather than the physical) for a site to site VPN?

Yes this is possible, just remember when creating the crypto ACL that you specify the NAT'ed subnet and not the real subnet.

Following on from this - is it possible on 1 firewall to have 2 VPN IP addresses listening terminating 1 VPN each?

You can have several site to site VPNs terminated on a single ASA.  The amount is dependent on license and/or ASA model.  But you have several Firewall B listed in your example, so for a better explanation you will need to clarify exactly what you are trying to do.

--
Please remember to rate and select a correct answer
