Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1048
Views
0
Helpful
1
Replies

Lan-2-Lan VPN ASA code 8.4

bapatsubodh
Level 7
Level 7

‎09-16-2011 01:05 PM - edited ‎03-11-2019 02:26 PM

Hi,

In order to configure the Lan to Lan VPN on ASA with code 8.4 how do we configure no-nat or nat 0 so that matched packets will not undergo any natting.

Following link shows the example but it is not showing the how NAT exemption is to be configured.

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/vpn_site2site.html

We plan to have simple  PAT configured as follows:

object network inside_network

hostname(config-network-object)# subnet 10.1.1.0 255.255.255.0

hostname(config-network-object)# nat (inside,outside) dynamic interface

How to exempt packets those will match : source 10.1.1.0 /24 and destined for 10.1.2.0 /24 from natting in code 8.4.

Is it necessary to configure ikev2 parameters (ISAKMP and IPSEC)

crypto ikev2 enable outside  (ISAKMP enabled on outside along with ikev1)

crypto ipsec ikev2 ipsec-proposal secure
crypto map abcmap 1 set ikev2 ipsec-proposal secure


Please share the experience.
Thanks
Subodh  

Labels:
0 Helpful
1 Reply 1

Julio Carvajal
VIP Alumni
VIP Alumni

‎09-16-2011 02:02 PM

Hello Bapatsubodh,

lt would be like this:

nat (inside,outside) source static 10.1.1.0  10.1.1.0 destination  static 10.1.2.0 10.1.2.0

Best Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card