
NAT ASA interface for access through VPN

sulloas16
Level 1

Hi all!

 

I have this scenario below:

 

*serverx* --- *ASA1* ----------VPN L2L-------------- *ASA2* ------- *sw1*
10.10.0.1                                            20.20.20.1     20.20.20.2

 

VPN interesting traffic is 10.10.0.1/32 and 192.168.10.0/24.

sw1 is translated to 192.168.10.2 and serverx can ping it.

The problem is when I try to translate ASA2 IP 20.20.20.1 to 192.168.10.1, serverx cannot ping it.

 

Working NAT config:

access-list NAT_MONITORING_1 extended permit ip host 20.20.20.2 host 10.10.0.1

static (admin,outside) 192.168.10.2  access-list NAT_MONITORING_1

 

Do you have any idea why this same configuration does not work for ASA interface IP?

Thanks in advance!

 

Accepted Solutions

Vibhor Amrodia
Cisco Employee

Hi,

Have you checked the crypto map configuration and made all the necessary changes for the NAT statement?

Thanks and Regards,

Vibhor Amrodia

Hi!

 

Yes, I've checked the crypto map configuration and NATs.

I'm actually trying a different scenario to accomplish this: to NAT the ASA interface IP address on the remote ASA (ASA1). I saw that traffic goes into the tunnel from the server but does not come back in the tunnel from ASA2.

I am wondering, does the ASA have a limitation on including its own interfaces' IP addresses in a VPN tunnel?

 
