PAT over IPSEC connection to remote site

Anuar Shahrin
Level 1

Hi All,

I need some advice here on a setup for Cisco ASA.

Is there any possibility to perform a PAT from a public IP to an IP that is located in the firewall at a remote site which is connected to the HQ ASA via IPSEC?

Attached is the diagram of the setup.

Thank you in advance.

6 Replies

Philip D'Ath
VIP Alumni

Yes, but there is a lot of complicated configuration involved.

Hi Philip,

Is there any documentation that I can refer to?

I have this setup in use, but with a different firewall vendor, so I want to know how to do it in Cisco ASA.

I went through their configuration. It seems like a straightforward mapping from Public IP <> Private IP behind the other firewall.

You need to read up about outside to outside NAT.  You'll probably have to use intra-interface as well.

Thanks Philip, will look up on it.

As Philip already mentioned, this is a quite complicated setup. I would try to avoid it. My favorite ways to solve these problems are:

  1. Place the server into the headquarter
  2. Place a reverse-proxy into the headquarter that takes the requests from the internet and builds a new connection to the remote server
  3. Use the remote firewall directly to access the server.

Thanks Karsten for the reply.

Unfortunately I do not have much of an option now since the server is located in a cloud provider. The connection to the cloud provider is via the IPSEC tunnel which is going out the same interface.

I guess my best bet is to allow intra-interface/hairpinning the NAT.
