Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1497
Views
0
Helpful
6
Replies

ASA source NAT for VPN , Local Subnet should NAT with single Public IP

vasanth.manoharan
Level 1
Level 1

‎03-02-2020 06:03 PM

Hi All,

I have requirement for the VPN , remote subnet is getting conflict with local VPN subnet so i want to nat the local subnet with 1 public ip address and that public ip address act as a local subnet for my VPN.

 

Local subnet:-10.10.10.0/24 this should nat with single public ip :-1.1.1.1 ( for example)

 

Please any experts suggest me , how to achive this..

0 Helpful
6 Replies 6

Cristian Matei
VIP Alumni
VIP Alumni

‎03-03-2020 10:26 AM

Hi,

 

    What is your ASA software version? Also, if you want the local subnet to be able to communicate with the remote subnet (which are the same in the end), you would need to NAT traffic both ways, statically.

 

Regards,

Cristian Matei.

0 Helpful

vasanth.manoharan
Level 1
Level 1
In response to Cristian Matei

‎03-03-2020 09:23 PM

Hi ,

 

version of ASA is Version 9.8(4)8.

and i expecting configuration like this , the below nat  is for no natting :-

 

local subnet is 10.10.10.0/24 and 10.10.20.0/24  should nat with public ip address 1.1.1.1

 

after this no nat will be like below.

nat (T1toASR,outside) source static 1.1.1.1 1.1.1.1 destination static 5.5.5.5/24 5.5.5.5/24

 

on top of that i want to do the natting for local ip address:- (i.e) 10.10.10.0/24 and 10.10.20.0/24  to one public ip that is 1.1.1.1 my question is how to do the source NAT i confused lot myself.

0 Helpful

Cristian Matei
VIP Alumni
VIP Alumni
In response to vasanth.manoharan

‎03-04-2020 10:09 AM

Hi,

 

   Do you need to achieve IP connectivity between the two overlapping subnets?

 

Regards,

Cristian Matei.

0 Helpful

vasanth.manoharan
Level 1
Level 1
In response to Cristian Matei

‎03-04-2020 05:23 PM

Yes, i want to set up a VPN between two overlapping subnet

0 Helpful

joseph.pj
Level 1
Level 1

‎03-03-2020 01:09 PM

hi

 

 you can do a static NAT like below as suggested by Cristian;

 

ip nat inside source static 10.10.10.0/24 1.1.1.1

0 Helpful

Cristian Matei
VIP Alumni
VIP Alumni

‎03-14-2020 09:53 AM

Hi,

 

   If you need bidirectional traffic flow, you need to do static NAT, at subnet level. Assuming the overlapping subnet is 10.10.10.0/24:

 

- you configure left side to NAT 10.10.10.0/24 into 10.11.11.0/24; configure the required objects and replace interface nameifs, but statement looks like nat(inside,outside) 1 source static 10.10.10.0/24 10.11.11.0/24 destination static 10.12.12.0/24 10.12.12.0/24

- you configure right side to NAT 10.10.10.0/24 into 10.12.12.0/24; configure the required objects and replace interface nameifs, but statement looks like nat(inside,outside) 1 source static 10.10.10.0/24 10.12.12.0/24 destination static 10.11.11.0/24 10.11.11.0/24

 

Regards,

Cristian Matei.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card