NAT traffic from Outside through VPN

JPMorris007
Level 1

Hi All,

I am currently trying to configure an ASA to NAT traffic from an outside interface through a VPN tunnel.

The traffic is currently nat'd to an inside IP address on Site A. There is a VPN tunnel between Site A & Site B.

In Site A I have a subnet of 192.168.8.0/24 and a public web site. 192.168.8.5 is the IP address of the internal web server.

Current entry on the ASA is

static (dmz,Outside) IPaddressofwebsite 192.168.8.5 netmask 255.255.255.255

In Site A I have a subnet of 192.168.10.0/24 and I want the traffic to be redirected to a new internal web server 192.168.10.5

So I changed the entry to

static (dmz,Outside) IPaddressofwebsite 192.168.10.5 netmask 255.255.255.255

I get the error message in the syslogs that there is no route to 192.168.10.5 and I believe the issue is with the dmz part of the command above but I don't know which interface to put in there for the VPN - static (???,Outside) IPaddressofwebsite 192.168.10.5 netmask 255.255.255.255.

Can anyone tell me if it is possible to NAT traffic coming from an outside interface through a point to point VPN tunnel to an IP address at the other side of the tunnel?

Thanks in advance for your help.

JP

2 Replies

Jon Marshall
Hall of Fame

JP

It's not clear exactly what you are trying to do.

192.168.8.5 - presumably that is the DMZ on your site A firewall?

192.168.10.5 - where does this reside in relation to the ASA, i.e. which interface does the ASA use to get to this network?

If it is the inside interface then simply change the static to -

static (inside,outside) "publicIP" 192.168.10.5

Basically, whichever interface is used by the ASA to reach 192.168.10.5 is the interface to use in the static statement.

If I have misunderstood please explain further.

Jon

Hi Jon,

Thanks for the reply.

192.168.10.5 is in Site B which is connected to the ASA through a VPN tunnel. So in effect 192.168.10.5 is connected to the outside interface of Site A.

I don't think I will be able to get this configuration to work as I am effectively trying to re-route traffic back out the interface the traffic came in on.

Regards,

JP