12-08-2008 01:22 PM - modifié 03-11-2019 07:22 AM
I have a new vpn tunnel that I would like to NAT to the internal network address space. The new tunnel is coming from 172.31.17.0 and the existing LAN on the ASA is 172.31.16.0 Is there a good solution to make the incoming tunnel hav a source address from the 172.31.16.0 network to access other resources?
Résolu ! Accéder à la solution.
le 12-08-2008 01:44 PM
Tom
Assuming it is a site-to-site VPN and assuming a spare IP address of 172.31.16.10
nat (outside) 2 172.31.17.0 255.255.255.0 outside
global (inside) 2 172.31.16.10
OR if you want to use the interface address
global (inside) 2 interface
Note i have used a nat-id of 2 in the example, just use a nat-id that is unused.
Jon
le 12-08-2008 01:27 PM
Tom
Is this a site-to-site VPN tunnel ?
Do you have a spare IP address in the 172.31.16.x subnet or do you want to use the inside interface address on the ASA ?
Jon
le 12-08-2008 01:38 PM
Jon,
I could use either. The interface is 172.31.16.1 or I could utilize an open IP on the inside.
Tom
le 12-08-2008 01:44 PM
Tom
Assuming it is a site-to-site VPN and assuming a spare IP address of 172.31.16.10
nat (outside) 2 172.31.17.0 255.255.255.0 outside
global (inside) 2 172.31.16.10
OR if you want to use the interface address
global (inside) 2 interface
Note i have used a nat-id of 2 in the example, just use a nat-id that is unused.
Jon
le 12-08-2008 02:14 PM
Jon,
Thanks for your help. This will work.
Tom
Découvrez et enregistrez vos notes préférées. Revenez pour trouver les réponses d'experts, des guides étape par étape, des sujets récents et bien plus encore.
Êtes-vous nouveau ici? Commencez par ces conseils. Comment utiliser la communauté Guide pour les nouveaux membres