
Cisco ASA 5506X + VPN IPSEC

dorcejose
Level 1

Hi!

If anyone can guide me!!

I have the following scenario:

IP: A.A.A.A |SERVER|------------|ASA 5506X|<------IPSEC------->|ASAXXXX|-------------|SERVER| IP: B.B.B.B

The VPN IPsec specifications:

Left peer (ASA5506X) IP: X.X.X.X

domain encryption: 10.5.41.0/24

Right peer (ASAXXX) IP: XX.XX.XX.XX

domain encryption: 10.5.43.0/24

I do not know how to mask the IP address A.A.A.A (ORIGINAL) with 10.5.41.xx to generate traffic to the other side.

With iptables (openswan) I can do it:

iptables -t nat -I POSTROUTING -s A.A.A.A -d 10.5.43.5/32 -j SNAT --to 172.16.41.100

With Cisco ASA, I don't know...

Can someone help me?

PS: I have access to the ASA5506X.

4 Replies

Richard Burts
Hall of Fame

This link has a good discussion and examples which I hope will be helpful to you for configuring site to site VPN on ASA

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/119141-configure-asa-00.html

HTH

Rick


Thanks, Richard! Very fast answer!

The link is helpful, but in the example the domain encryption on both sides is "real". In my case, the domain encryption on both sides is "fictitious"; the "real" IPs must be masqueraded.

The tunnel is up but I cannot generate traffic, since the source IPs are not interesting traffic. I need to mask those IPs to the format 10.5.41.0/24.

I do not understand what you are telling me. It sounds like perhaps you are saying that you need to NAT the traffic. Is that the case?

HTH

Rick


Sorry!

I need all the traffic that originates in my encrypted domain, for example 172.16.1.254, to be masked with IP 10.5.41.254. In this way the traffic is directed by the VPN.

And all the traffic that comes from 10.5.43.100 (example) should head towards 172.16.1.254.

Did I explain myself?

 
