02-19-2014 09:47 AM
All,
I have set up a Site to Site VPN tunnel. In this tunnel, the end user's traffic of interest is already a subnet we use on our network, 192.168.20.0/24. What I would like to do is set up a PAT on our tunnel will be NATTED. Our appliance locally will point to our patted address of 10.10.10.10.
So it would be:
So any traffic being generated from our inside address of 10.20.10.10 and 10.20.10.11 going to 192.168.20.0/24 will actually route to 10.10.10.10 and the ASA will translate it to whatever the 192.168.20.0/24 address will be. And if traffic is coming into the ASA from 192.168.20.0/24, it will PAT it to 10.10.10.10 and route it to the 10.20.10.10 and 10.20.10.11. Basically, I do not want our side to see the 192.168.20.0/24 from the remote site and I do not want the remote site to see the 10.10.10.10 PATTED address.
Does this make sense?
Thanks
Dwane
02-19-2014 11:00 AM
Hello,
As far as I understood, you would like to configure source and destination NAT, so as to hide the addresses of your internal and remote networks.
Here is a sample config I made for traffic for host 10.20.10.10; I hope it helps:
object network h_10.20.10.10
 host 10.20.10.10
object network n_192.168.20.0
 subnet 192.168.20.0 255.255.255.0
object network nat_10.10.10.10
 host 10.10.10.10
object network source_nat_192.168.20.10
 host 192.168.20.10
nat (inside,Outside) source static h_10.20.10.10 source_nat_192.168.20.10 destination static nat_10.10.10.10 n_192.168.20.0
Thanks
Itzcoatl
02-19-2014 11:43 AM
Itzcoatl,
Will this PAT be bidirectional if configured this way?
Dwane
02-19-2014 03:10 PM
Hello Dwane,
This is bidirectional. That is correct.
Thanks