04-17-2020 03:20 AM - edited 04-17-2020 07:26 AM
Hi,
I need to contact a remote LDAP server via the inside interface. This remote LDAP server is reachable via an IPsec tunnel, and due to network overlapping we are NATting source addresses before they pass through the VPN.
Is it possible to NAT the inside interface address to make the remote server accessible?
I have created a dynamic source NAT rule, but that did not work.
Any idea?
EDIT: I have attached a network diagram to give you guys a clear vision of the issue.
As described in the diagram, the ASA is trying to reach the LDAP server (192.168.2.100) using the inside interface (192.168.66.1), passing through an IPsec tunnel which requires a source NAT to 192.168.5.0/24 because of the address overlapping.
The NAT is working fine for all the LAN subnets except for the inside.
Thanks
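For readers trying to reproduce the setup, here is an added example of the kind of twice-NAT and crypto-ACL configuration the post describes (it is not the poster's configuration and was not attached to the thread). Assumed: the inside LAN is 192.168.66.0/24 (only the interface address 192.168.66.1 is given), the tunnel-facing interface is named "outside", the object names are made up, and the VPN peer address is a placeholder.

```cisco
! Added example, not the poster's running config. Assumptions, labelled:
! - inside LAN behind the ASA is 192.168.66.0/24 (only 192.168.66.1 appears in the post)
! - the IPsec tunnel terminates on an interface named "outside"
! - 192.168.5.0/24 is the translated range the remote side expects (from the post)
object network INSIDE_LAN
 subnet 192.168.66.0 255.255.255.0
object network INSIDE_LAN_NATTED
 subnet 192.168.5.0 255.255.255.0
object network LDAP_SERVER
 host 192.168.2.100

! Twice NAT: translate the inside LAN to 192.168.5.0/24 only when the
! destination is the remote LDAP server, so other flows are untouched.
nat (inside,outside) source dynamic INSIDE_LAN INSIDE_LAN_NATTED destination static LDAP_SERVER LDAP_SERVER

! The crypto ACL must match the POST-NAT source: NAT is applied before the
! packet is compared against the tunnel's interesting-traffic ACL.
access-list VPN_TO_LDAP extended permit ip 192.168.5.0 255.255.255.0 host 192.168.2.100

! Checks: trace a LAN host's LDAP connection through NAT and the VPN phase,
! then confirm the translation and the SA counters.
packet-tracer input inside tcp 192.168.66.10 12345 192.168.2.100 389
show nat detail
show crypto ipsec sa peer <VPN-PEER-IP-PLACEHOLDER>
```

The packet-tracer line sources the test from a LAN host (192.168.66.10, a constructed address), which exercises the through-traffic path the poster says already works; it does not model a connection the ASA itself originates from its inside interface address, which is the case the thread is about. If the trace shows the NAT phase matched but the VPN phase dropped, the usual cause is a crypto ACL written against the pre-NAT subnet.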
04-17-2020 05:28 AM
Can you provide more information, with the config, to understand the issue?
04-17-2020 06:31 AM
I don't think you can force the ASA to originate traffic from the Inside interface, NAT it and then put it into the tunnel to reach the LDAP server at the other end.
Could you possibly use the ASA management interface? Then you can have a management-only route for the traffic to send it out via the inside interface (either directly or indirectly).