02-07-2014 09:51 AM - edited 03-11-2019 08:42 PM
Hi guys.
I just have 2 questions...
Is it possible to use a NAT address (rather than the physical) for a site to site VPN?
Following on from this - is it possible on 1 firewall to have 2 VPN IP addresses listening terminating 1 VPN each?
e.g.
Firewall A Physical Address 1.1.1.1
Firewall B Physical Address 2.2.2.2
Firewall C Physical Address 3.3.3.3
Firewall C NAT Address 4.4.4.4
Firewall C NAT Address 5.5.5.5
Firewall A 1.1.1.1 -> VPN -> Firewall B VPN 4.4.4.4
Firewall B 2.2.2.2 -> VPN -> Firewall B VPN 5.5.5.5
Thanks.
Mike
02-08-2014 11:41 PM
Hello.
Not sure if it's possible.
Could you please clarify why you need such a configuration?
02-09-2014 04:08 AM
Is it possible to use a NAT address (rather than the physical) for a site to site VPN?
Yes this is possible, just remember when creating the crypto ACL that you specify the NAT'ed subnet and not the real subnet.
Following on from this - is it possible on 1 firewall to have 2 VPN IP addresses listening terminating 1 VPN each?
You can have several site to site VPNs terminated on a single ASA. The amount is dependent on license and/or ASA model. But you have several Firewall B listed in your example, so for a better explanation you will need to clarify exactly what you are trying to do.
--
Please remember to rate and select a correct answer
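The crypto ACL point from the answer above, as an added configuration sketch that is not from any poster in this thread. It assumes ASA 8.3+ object NAT syntax; every address, object name, ACL name and crypto map name below is constructed for illustration.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   real inside LAN          10.1.1.0/24
!   subnet shown to the peer 192.168.50.0/24
!   remote LAN               172.16.20.0/24
!   remote peer              203.0.113.2
object network LOCAL-REAL
 subnet 10.1.1.0 255.255.255.0
object network LOCAL-NAT
 subnet 192.168.50.0 255.255.255.0
object network REMOTE-LAN
 subnet 172.16.20.0 255.255.255.0
!
! Translate the real LAN to the NAT'ed subnet only for traffic to the remote LAN.
nat (inside,outside) source static LOCAL-REAL LOCAL-NAT destination static REMOTE-LAN REMOTE-LAN
!
! Mistake to avoid: a crypto ACL written against the real subnet.
! NAT is applied before the crypto map match on egress, so the
! translated packets never match this entry and are not encrypted.
! access-list VPN-ACL extended permit ip 10.1.1.0 255.255.255.0 172.16.20.0 255.255.255.0
!
! Correct: the crypto ACL names the NAT'ed subnet as the local side.
access-list VPN-ACL extended permit ip 192.168.50.0 255.255.255.0 172.16.20.0 255.255.255.0
!
crypto map OUTSIDE-MAP 10 match address VPN-ACL
crypto map OUTSIDE-MAP 10 set peer 203.0.113.2
crypto map OUTSIDE-MAP interface outside
```

Once the tunnel is up, `show crypto ipsec sa` should list the NAT'ed subnet as the local ident; the peer's crypto ACL has to mirror it.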