Internal NAT over VPN Tunnel

Charger1129
Level 1

Hi. I'm trying to establish a VPN tunnel with another site but I need to NAT my internal IP so as to not conflict with any of their subnets. Below is an example:

My Subnet: 10.50.50.0/24

NAT To: 172.17.50.0/24

 

Would anyone have any short instructions on how to make this happen? Firewall is an ASA 5505 running 9.2

1 Reply

Jon Marshall
Hall of Fame

Assuming 10.50.50.0/24 is via the inside interface of the ASA -

object network REAL_IPS
subnet 10.50.50.0 255.255.255.0

object network MAPPED_IPS
subnet 172.17.10.0 255.255.255.0

object network REMOTE_IPS
subnet <remote IP subnet> <subnet mask>

nat (inside,outside) source static REAL_IPS MAPPED_IPS destination static REMOTE_IPS REMOTE_IPS

Obviously you can use whatever object names make sense to you.

The crypto map ACL should reference the translated IPs, not the real IPs.

You may also find this document useful as it gives examples of most types of NAT configuration and how to use them -

https://supportforums.cisco.com/document/132066/asa-nat-83-nat-operation-and-configuration-format-cli

Jon
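
The reply's point that the crypto map ACL must match the translated addresses, shown as an added example that is not part of the original thread. It reuses the REAL_IPS, MAPPED_IPS and REMOTE_IPS objects from the reply; the ACL name VPN_TRAFFIC, the crypto map name OUTSIDE_MAP with sequence 10, and the test host 10.50.50.10 are assumptions chosen for illustration.

```cisco
! Added example. VPN_TRAFFIC, OUTSIDE_MAP and sequence 10 are hypothetical names.
! MAPPED_IPS and REMOTE_IPS are the objects defined in the reply above.
!
! On egress the ASA applies the twice-NAT rule before it evaluates the crypto map,
! so the interesting-traffic ACL sees the translated source and must match on it.
access-list VPN_TRAFFIC extended permit ip object MAPPED_IPS object REMOTE_IPS
crypto map OUTSIDE_MAP 10 match address VPN_TRAFFIC
!
! For comparison, an entry written against the real subnet never matches the
! post-NAT packet, so the traffic leaves unencrypted or is dropped:
!   access-list VPN_TRAFFIC extended permit ip object REAL_IPS object REMOTE_IPS
!
! The remote peer's ACL has to mirror the entry above:
! source = its own subnet, destination = the translated subnet.
!
! Verification from the ASA CLI (10.50.50.10 is a constructed inside host;
! replace <remote host IP> with an address inside REMOTE_IPS):
show nat detail
packet-tracer input inside icmp 10.50.50.10 8 0 <remote host IP> detailed
show crypto ipsec sa
```

In the packet-tracer output the NAT phase should show the source rewritten into the mapped subnet before the VPN encrypt phase, and `show crypto ipsec sa` should list the translated subnet as the local ident.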
