ASA 5505 vpn tunnel with NAT'd internal addresses

KEN COUSINO JR.
Level 1

I am setting up the configuration below and I am stuck on how the One to One static NATs are to be configured.  Any help would be appreciated.

Thanks,

Ken

I am setting up a normal L2L VPN tunnel on an ASA 5505 running version 9.0. I would like to hide the inside subnet so it isn't seen by the remote side of the tunnel. I am having trouble with the config of that piece.

i.e.

Local Inside 10.0.0.0/24

Local Outside 172.162.1.0/24

Remote Outside 172.163.1.0/24

Remote inside subnet 10.1.0.0/24

I want to hide 10.0.0.0 with 192.168.100.0/24, so when the remote side sees the local they see 192.168.100.X.

******************************


If you want the remote end to see your local network 10.0.0.0/24 with 192.168.100.0/24 instead, then you need to create a static nat for it.

First you need to create network objects and/or object groups.

object network obj-10.0.0.0-24
subnet 10.0.0.0 255.255.255.0

object network obj-192.168.100.0
subnet 192.168.100.0 255.255.255.0

object network obj-remote_inside_network
subnet 10.1.0.0 255.255.255.0

The NAT rule should look like this on the ASA code you are running (9.0):

nat (inside,outside) 1 source static obj-10.0.0.0-24 obj-192.168.100.0 destination static obj-remote_inside_network obj-remote_inside_network no-proxy-arp route-lookup

Please consider that in the interesting traffic you have to use the NATed subnets.

On your end the ACL on the crypto map should look like this:

access-list VPN_ACL permit ip object obj-192.168.100.0 object obj-remote_inside_network

and on the remote end it has to be the mirror:

access-list VPN_ACL permit ip object obj-remote_inside_network object obj-192.168.100.0


That way when they try to reach something on your inside network 10.0.0.0/24 they need to ping 192.168.100.0/24 instead.

The static NATs will occur like this:

10.0.0.1 NATed to 192.168.100.1
10.0.0.2 NATed to 192.168.100.2
10.0.0.3 NATed to 192.168.100.3
10.0.0.4 NATed to 192.168.100.4
...
10.0.0.250 NATed to 192.168.100.250
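The two things the answer above hinges on are the host-preserving one-to-one translation and the rule that the crypto-map ACL on both peers must reference the translated subnet, not the real one. The following Python script is an added example written for this page (it is not part of the thread and not Cisco code); it models the static NAT as an address calculation, derives the local ACE and its remote mirror from the object names used in the answer, and flags an ACE that still names the real subnet. The object names, subnets and the `NAT_RULE` dict are sample data taken from the thread; the helper names are my own.

```python
import ipaddress

# Sample data from the thread, used here as constructed input.
LOCAL_REAL = ipaddress.ip_network("10.0.0.0/24")         # real inside subnet
LOCAL_MAPPED = ipaddress.ip_network("192.168.100.0/24")  # what the remote peer sees
REMOTE_INSIDE = ipaddress.ip_network("10.1.0.0/24")

# The twice-NAT rule from the answer, reduced to its four object names
# (hypothetical dict layout; the ASA syntax is on the page above).
NAT_RULE = {
    "real_src": "obj-10.0.0.0-24",
    "mapped_src": "obj-192.168.100.0",
    "real_dst": "obj-remote_inside_network",
    "mapped_dst": "obj-remote_inside_network",  # destination is not translated
}


def static_translate(addr, real, mapped):
    """One-to-one static subnet NAT: keep the host offset, swap the prefix."""
    ip = ipaddress.ip_address(addr)
    if real.prefixlen != mapped.prefixlen:
        raise ValueError("static subnet NAT needs equal-size subnets")
    if ip not in real:
        raise ValueError(f"{ip} is not inside {real}")
    offset = int(ip) - int(real.network_address)
    return str(ipaddress.ip_address(int(mapped.network_address) + offset))


def untranslate(addr, real, mapped):
    """Reverse direction: the address the remote peer targets, back to the real host."""
    return static_translate(addr, mapped, real)


def crypto_acl_lines(acl_name, rule):
    """Local crypto-map ACE and its exact mirror for the remote peer.
    Both use the *mapped* source object, never the real one."""
    local = (f"access-list {acl_name} permit ip object {rule['mapped_src']} "
             f"object {rule['mapped_dst']}")
    remote = (f"access-list {acl_name} permit ip object {rule['mapped_dst']} "
              f"object {rule['mapped_src']}")
    return local, remote


def aces_referencing_real_subnet(acl_text, rule):
    """ACEs that name the real (untranslated) source object: interesting traffic
    defined this way never matches the NATed packets, so the tunnel fails."""
    return [line for line in acl_text.splitlines()
            if f"object {rule['real_src']}" in line]


def _object_pairs(acl_text):
    """Extract (src_object, dst_object) from 'permit ip object X object Y' ACEs."""
    pairs = set()
    for line in acl_text.splitlines():
        p = line.split()
        if len(p) >= 8 and p[2] == "permit" and p[4] == "object" and p[6] == "object":
            pairs.add((p[5], p[7]))
    return pairs


def is_mirror(local_acl_text, remote_acl_text):
    """True when every (src, dst) on one side appears as (dst, src) on the other."""
    local = _object_pairs(local_acl_text)
    remote = _object_pairs(remote_acl_text)
    return bool(local) and local == {(d, s) for s, d in remote}


if __name__ == "__main__":
    for host in ("10.0.0.1", "10.0.0.4", "10.0.0.250"):
        print(host, "NATed to", static_translate(host, LOCAL_REAL, LOCAL_MAPPED))
    local_ace, remote_ace = crypto_acl_lines("VPN_ACL", NAT_RULE)
    print(local_ace)
    print(remote_ace)
    print("mirror ok:", is_mirror(local_ace, remote_ace))
    bad = "access-list VPN_ACL permit ip object obj-10.0.0.0-24 object obj-remote_inside_network"
    print("ACEs using the real subnet:", aces_referencing_real_subnet(bad, NAT_RULE))
```

Running the script prints the per-host translations listed in the answer, the two ACEs (local and mirror), and flags the ACE that uses `obj-10.0.0.0-24` as the one that would leave the remote peer's traffic outside the interesting-traffic definition.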
