Hide LAN behind 1 IP - VPN

Locayta123 · ‎03-05-2012

HI there.

I've been asked to configure a VPN to a remote office location and to NAT my Office VLAN behind one fixed IP.

My office VLAN: 172.16.101.0/24

Assigned static IP: 172.16.101.250

Remote Office: 10.192.0.0/24

I am ok to configure the VPN and IPSEC rules but how do i configure the NAT so that my office lvan is hidden behind the 1 static IP when access the VPN?

Julio Carvajal · ‎03-05-2012

Hello Jamie,

You need to follow the following instructions or steps:

1-The Nat rule

access-list TEST permit ip 172.16.101.0 255.255.255.0 10.192.0.0 255.255.255.0

static (inside,outside) 172.16.101.250 access-list TEST

2- Change the crypto ACL on both sites

Now it should look like this on this ASA:

access-list VPN permit ip host 172.16.101.250 10.192.0.0 255.255.255.0

On the other side

access-list VPN permit ip 10.192.0.0 255.255.255.0 host 172.16.101.250

Regards,

Do rate all the helpful posts,

Julio.

Security TAC engineer

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Locayta123 · ‎03-08-2012

access-list TEST permit ip 172.16.101.0 255.255.255.0 10.192.0.0 255.255.255.0

Is this section created within the access rules list?