08-14-2012 01:40 AM - edited 03-11-2019 04:41 PM
Hi,
we have a Cisco ASA5505 with one S2S IPsec VPN running; the remote site asks us to NAT our internal LAN before establishing the tunnel to them.
For example: original internal address 192.168.1.0 > NATted 172.16.1.0 > VPN tunnel > remote site LAN 10.1.1.0.
Now we need to access the remote site also from outside the office, so we need to configure a new remote IPsec VPN connection.
Our remote VPN (using the Cisco VPN IPsec client) will get an IP address inside pool 192.168.2.1-10.
Now remote VPN users are able to connect to the internal network 192.168.1.0 but NOT to the remote VPN site 10.1.1.0, because in order to establish the tunnel the traffic should first be NATted to 172.16.1.0.
I tried to set up a dynamic NAT rule using ASDM but the system does not accept it because both source (VPN pool) and destination (remote site) networks are on the outside interface.
Is there any possibility to configure such a scenario?
Thank you.
Andy
08-14-2012 03:30 AM
Hi,
It's possible.
It would be easier to look through it if you could provide your current firewall configuration (without any sensitive information).
But here are some questions
- Jouni
08-14-2012 05:20 AM
Hi,
nat (inside) 1 access-list inside_nat_outbound
access-list inside_nat_outbound extended permit ip 192.168.1.0 255.255.255.0 object-group DM_INLINE_NETWORK_3
object-group network DM_INLINE_NETWORK_3
 network-object pippo 255.255.255.128
 network-object pippo2 255.255.255.240
name 10.51.237.128 pippo
name 10.51.253.128 pippo2
Attached the part of the running configuration.
Thank you for your support.
Andy
08-14-2012 06:08 AM
I guess what you basically need to make sure is the following
- Jouni
08-20-2012 05:35 AM
Great!! It works.
Thank you Jouni!!