
Site-to-site IPsec VPN configuration access list

teymur azimov
Level 1

Hi Dears

I have this issue. I think that someone can help me.

I configured an IPsec VPN on an ASA 5510.

My inside IP: 192.168.10.156

My public IP: 85.x.x.x

My peer IP: 62.x.x.x

The project is this:

The remote site wants the interesting traffic like this:

Source IP 172.16.1.104 can access destination IP 10.0.154.27.

My inside IP is 192.168.10.0/0 and I cannot change it to 172.16.1.0/24, and I cannot add this IP to my network.

In this case, what do I do?

It is very interesting, but I do not know how to solve this.

Is it possible to NAT 192.168.10.0 to 172.16.1.104? But the 172.16.1.104 IP is not assigned on my ASA.

One version is to write loopback 172.16.1.104, but I do not know exactly whether it works or not.

Please help me.

Thanks

3 Replies

parviz_nasirov
Level 1

Dear Teymur

Just add a static route to inside 172.16.1.0/24 through your inside IP ... and from the host PC add a route to the 192.168.10.0 subnet via the ASA.

Sorry Parviz,

I explained it wrong.

The access rules are the ones we use for the site-to-site VPN.

The 172.16.1.0 source can access 10.0.154.27.

On the ASA my inside IP is 192.168.10.0, and 172.16.1.0 cannot be assigned on the ASA and I cannot add this subnet.

The process, I think, is that my inside 192.168.10.0 IP must be NATed to 172.16.1.0, and then I use this 172.16.1.0 in my interesting-traffic access list.

How do I do that?

Hi Teymur,

NAT is not needed ... Just create an ACL for interesting traffic for the 176.16.1.0 ... and add a static route to inside.

For example: if you use 192.168.10.0/24 in the LAN and you need to use another subnet ... in this case you can use your host PC with a secondary IP address configuration ... and on the ASA you just add a static route like this:

route inside 176.16.1.0 /24 192.168.1.1

After the encrypted packet arrives at the ASA, it first decrypts it and it goes to the route 176.17.1.0/24.