Site to Site VPN on NAT Address

mikedelafield
Level 1

Hi guys.

I just have 2 questions...

Is it possible to use a NAT address (rather than the physical) for a site to site VPN?

Following on from this - is it possible on 1 firewall to have 2 VPN IP addresses listening terminating 1 VPN each?

e.g.

Firewall A Physical Address 1.1.1.1

Firewall B Physical Address 2.2.2.2

Firewall C Physical Address 3.3.3.3

Firewall C NAT Address 4.4.4.4

Firewall C NAT Address 5.5.5.5

Firewall A 1.1.1.1 -> VPN -> Firewall B VPN 4.4.4.4

Firewall B 2.2.2.2 -> VPN -> Firewall B VPN 5.5.5.5

Thanks.

Mike

2 Replies

Hello.

Not sure if it's possible.

Could you please clarify why you need such a configuration?

Is it possible to use a NAT address (rather than the physical) for a site to site VPN?

Yes this is possible, just remember when creating the crypto ACL that you specify the NAT'ed subnet and not the real subnet.

Following on from this - is it possible on 1 firewall to have 2 VPN IP addresses listening terminating 1 VPN each?

You can have several site to site VPNs terminated on a single ASA.  The amount is dependent on license and/or ASA model.  But you have several Firewall B listed in your example, so for a better explanation you will need to clarify exactly what you are trying to do.

--
Please remember to rate and select a correct answer
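
The crypto ACL point from the reply above, shown as an added configuration example that is not part of the original thread or any poster's configuration. It assumes ASA 8.3+ object NAT syntax and IKEv1; every object name, subnet, peer address and the transform-set name is a constructed placeholder.

```cisco
! Constructed example: all names and addresses below are placeholders.
! Local real subnet 10.1.1.0/24 is presented to the peer as 172.16.1.0/24.
! Remote LAN is 192.168.50.0/24, remote peer is 203.0.113.10.
object network LOCAL-REAL
 subnet 10.1.1.0 255.255.255.0
object network LOCAL-NAT
 subnet 172.16.1.0 255.255.255.0
object network REMOTE-LAN
 subnet 192.168.50.0 255.255.255.0
!
! Policy NAT: translate the local subnet only for traffic to the remote LAN.
nat (inside,outside) source static LOCAL-REAL LOCAL-NAT destination static REMOTE-LAN REMOTE-LAN
!
! Does not match: the source is already translated when the crypto map is checked.
! access-list VPN-TO-REMOTE extended permit ip 10.1.1.0 255.255.255.0 192.168.50.0 255.255.255.0
!
! Matches: the crypto ACL references the NAT'ed subnet, not the real one.
access-list VPN-TO-REMOTE extended permit ip 172.16.1.0 255.255.255.0 192.168.50.0 255.255.255.0
!
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address VPN-TO-REMOTE
crypto map OUTSIDE-MAP 10 set peer 203.0.113.10
crypto map OUTSIDE-MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP interface outside
```

Once the tunnel is up, `show crypto ipsec sa` should list the translated subnet as the local identity. The remote side's crypto ACL must mirror it, with 172.16.1.0/24 as its destination.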
