Site to Site VPN on NAT Address

mikedelafield
Level 1

Hi guys.

I just have 2 questions...

Is it possible to use a NAT address (rather than the physical) for a site to site VPN?

Following on from this - is it possible on 1 firewall to have 2 VPN IP addresses listening terminating 1 VPN each?

e.g.

Firewall A Physical Address 1.1.1.1

Firewall B Physical Address 2.2.2.2

Firewall C Physical Address 3.3.3.3

Firewall C NAT Address 4.4.4.4

Firewall C NAT Address 5.5.5.5

Firewall A 1.1.1.1 -> VPN -> Firewall B VPN 4.4.4.4

Firewall B 2.2.2.2 -> VPN -> Firewall B VPN 5.5.5.5

Thanks.

Mike

2 Replies

Hello.

Not sure if it's possible.

Could you please clarify why you need such a configuration?

Is it possible to use a NAT address (rather than the physical) for a site to site VPN?

Yes this is possible, just remember when creating the crypto ACL that you specify the NAT'ed subnet and not the real subnet.

Following on from this - is it possible on 1 firewall to have 2 VPN IP addresses listening terminating 1 VPN each?

You can have several site to site VPNs terminated on a single ASA.  The amount is dependent on license and/or ASA model.  But you have several Firewall B listed in your example, so for a better explanation you will need to clarify exactly what you are trying to do.

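The crypto ACL point from the reply above, as an added example that is not part of the original thread: a small Python model of the outbound order (source NAT first, then crypto ACL match), showing why an ACL written against the real subnet never selects the translated traffic. All subnets, names and functions are constructed for illustration, and the model assumes a static subnet NAT between two networks of equal size.

```python
import ipaddress as ip

# Constructed sample values (not from the thread): the real LAN, the subnet it
# is statically NAT'ed to before entering the tunnel, and the remote peer's LAN.
REAL_NET = ip.ip_network("10.10.10.0/24")
NAT_NET = ip.ip_network("192.168.100.0/24")
REMOTE_NET = ip.ip_network("172.16.1.0/24")


def translate_source(src, real_net=REAL_NET, nat_net=NAT_NET):
    """Static subnet NAT: keep the host offset, swap the network part."""
    src = ip.ip_address(src)
    if src not in real_net:
        return src  # no NAT rule applies to this source
    offset = int(src) - int(real_net.network_address)
    return ip.ip_address(int(nat_net.network_address) + offset)


def acl_permits(acl, src, dst):
    """acl is a list of (source_network, destination_network) permit entries."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    return any(src in s and dst in d for s, d in acl)


def is_encrypted(acl, src, dst):
    """Outbound order modelled here: source NAT first, then crypto ACL match."""
    return acl_permits(acl, translate_source(src), dst)


def audit_crypto_acl(acl, real_net=REAL_NET):
    """Return entries whose source still references the real (pre-NAT) subnet."""
    return [(s, d) for s, d in acl if s.overlaps(real_net)]


# Crypto ACL written against the real subnet (the mistake) and the NAT'ed one.
ACL_REAL = [(REAL_NET, REMOTE_NET)]
ACL_NAT = [(NAT_NET, REMOTE_NET)]

if __name__ == "__main__":
    pkt = ("10.10.10.25", "172.16.1.7")
    print("post-NAT source:", translate_source(pkt[0]))
    print("ACL on real subnet encrypts:", is_encrypted(ACL_REAL, *pkt))
    print("ACL on NAT'ed subnet encrypts:", is_encrypted(ACL_NAT, *pkt))
    print("entries to fix:", audit_crypto_acl(ACL_REAL))
```

The same audit applies to the remote end: its crypto ACL must name the NAT'ed subnet as the destination, or the two sides' proxy identities will not mirror each other.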