We have a customer moving to a new internet service. The ISP will be managing the site-to-site VPN tunnels between the different locations. At the main office, we are installing an ASA 5506-X to act as the gateway/router. I have posted the configuration I have so far below. The network objects correspond to the IP schemes at the remote offices. We need the device to allow traffic from each remote office without being NATed (i.e. traffic from SLC, 192.168.208.x -> LocalSubnet 192.168.203.x), and I am unclear how to do this.
ip local pool vpnpool 192.168.168.1-192.168.168.50 mask 255.255.255.0
!
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address <Public IP>
!
interface GigabitEthernet1/2
 nameif inside
 security-level 100
 ip address 192.168.203.1 255.255.255.0
!
interface GigabitEthernet1/3
 no nameif
 security-level 100
 no ip address
!
interface GigabitEthernet1/4
 no nameif
 security-level 100
 no ip address
!
interface GigabitEthernet1/5
 no nameif
 security-level 100
 no ip address
!
interface GigabitEthernet1/6
 no nameif
 security-level 100
 no ip address
!
interface GigabitEthernet1/7
 no nameif
 security-level 100
 no ip address
!
interface GigabitEthernet1/8
 no nameif
 security-level 100
 no ip address
!
interface Management1/1
 management-only
 no nameif
 no security-level
 no ip address
!
boot system disk0:/asa992-32-lfbff-k8.SPA
ftp mode passive
same-security-traffic permit inter-interface
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network LocalSubnet
 subnet 192.168.203.0 255.255.255.0
object network SLC
 subnet 192.168.201.0 255.255.255.0
object network COS
 subnet 192.168.205.0 255.255.255.0
object network GRJ
 subnet 192.168.202.0 255.255.255.0
object network FRD
 subnet 192.168.208.0 255.255.255.0
object network PKR
 subnet 192.168.207.0 255.255.255.0
object network FTC
 subnet 192.168.206.0 255.255.255.0
object network Linux_Server
 host 192.168.203.2
object network VPN
 subnet 192.168.168.0 255.255.255.0
Hi,

The example below will not NAT traffic from your local network 192.168.203.x to the remote network FRD 192.168.208.x. This is similar to the NAT configuration you already have in place for the destination network VPN.
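
For reference, an added example that is not the answerer's configuration and is not taken from the thread: one way to exempt LocalSubnet from NAT toward every remote office at once, using the network objects from the question, together with an inbound permit limited to those subnets. It assumes remote-office traffic reaches the ASA on the outside interface through the ISP-managed tunnels; the names REMOTE_SITES and OUTSIDE_IN and the host addresses in the verification comment are hypothetical.

```cisco
! Added example. REMOTE_SITES and OUTSIDE_IN are hypothetical names.
! Assumption: remote-office traffic arrives on the "outside" interface.
!
! Group the remote-office objects already defined in the posted config.
object-group network REMOTE_SITES
 network-object object SLC
 network-object object COS
 network-object object GRJ
 network-object object FRD
 network-object object PKR
 network-object object FTC
!
! Identity (twice) NAT: source and destination are each translated to
! themselves, so LocalSubnet <-> remote-office traffic keeps its addresses.
! Manual NAT without "after-auto" sits in section 1 and is evaluated before
! object (auto) NAT; if a manual dynamic PAT rule also exists in section 1,
! this rule has to be ordered above it.
nat (inside,outside) source static LocalSubnet LocalSubnet destination static REMOTE_SITES REMOTE_SITES no-proxy-arp route-lookup
!
! outside is security-level 0, so connections initiated from the remote
! offices need an explicit permit. Scope it to the known remote subnets and
! the local subnet rather than permitting any source.
access-list OUTSIDE_IN extended permit ip object-group REMOTE_SITES object LocalSubnet
access-group OUTSIDE_IN in interface outside
!
! Verification from privileged EXEC (host addresses are constructed):
!   show nat detail
!   packet-tracer input inside icmp 192.168.203.10 8 0 192.168.208.10
```

In the packet-tracer output, the NAT phase should match the identity rule and show the source address left untranslated.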