ASA Network Translation Help

adamwaddell · ‎06-26-2012

Hello, I am trying to confgure a VPN connection on a Cisco ASA 5505, and I am supposed to translate the inside network from 10.200 76.0 to host 10.1.4.204, and then from that scheme establish a VPN with the host 66.179.80.108 on network 192.168.50.0/24. I was told that this Cisco ASA appliace would be able to translate the network address as a mask in order to make the necessary connection with the other site connection.

sholiday666 · ‎06-26-2012

Is the other site also a Cisco ASA? If so why not try the site-to-site VPN wizard in the ASDM (on both sides). It's very intuitive.

adamwaddell · ‎06-26-2012

That is useful, but it doesnt give me the option to configure my local network of 10.200.76.0 to be masked on the network as 10.1.4.0

sholiday666 · ‎06-26-2012

Why not assign the outside interface (or in case of the ASA 5505 VLAN 2) the IP address 10.1.4.204 then anything behind it (including the 10.200.76.0 network) would be NATed to 10.1.4.204?

adamwaddell · ‎06-26-2012

The outside interface is static to the ISP, so i have to configure that to enable traffic.

sholiday666 · ‎06-26-2012

Ah I see. I thought you were using those private IPs as fake IPs so you wouldn't show your real IPs on the Internet. I can't think of anything other than doing Static Nats, but I don't think that would get passed through the VPN tunnel with 10.1.4.x IP addresses.

Parves Ataev · ‎06-26-2012

Seems you need policy NAT. Here is the good article, you can tweak it for your requirements.

http://www.packetu.com/2012/01/02/asa-vpn-with-address-overlap/