02-19-2014 09:47 AM
All,
I have set up a Site to Site VPN tunnel. In this tunnel, the end user's traffic of interest is already a subnet we use on our network, 192.168.20.0/24. What I would like to do is set up a PAT on our tunnel will be NATTED. Our appliance locally will point to our patted address of 10.10.10.10.
So it would be:
So any traffic being generated from our inside address of 10.20.10.10 and 10.20.10.11 going to 192.168.20.0/24 will actually route to 10.10.10.10 and the ASA will translate it to whatever the 192.168.20.0/24 address will be. And if traffic is coming into the ASA from 192.168.20.0/24, it will PAT it to 10.10.10.10 and route it to the 10.20.10.10 and 10.20.10.11. Basically, I do not want our side to see the 192.168.20.0/24 from the remote site and I do not want the remote site to see the 10.10.10.10 PATTED address.
Does this make sense?
Thanks
Dwane
02-19-2014 11:00 AM
Hello,
As far as I understood, you would like to configure source and destination NAT, so as to hide the addresses of your internal and remote networks.
Here is a sample config I made for traffic for host 10.20.10.10, I hope it helps:
object network h_10.20.10.10
 host 10.20.10.10
object network n_192.168.20.0
 subnet 192.168.20.0 255.255.255.0
object network nat_10.10.10.10
 host 10.10.10.10
object network source_nat_192.168.20.10
 host 192.168.20.10
nat (inside,Outside) source static h_10.20.10.10 source_nat_192.168.20.10 destination static nat_10.10.10.10 n_192.168.20.0
Thanks
Itzcoatl
02-19-2014 11:43 AM
Itzcoatl,
Will this PAT be bidirectional if configured this way?
Dwane
02-19-2014 03:10 PM
Hello Dwane,
This is bidirectional. That is correct.
Thanks
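What "bidirectional" means for a static twice-NAT rule like the one posted above, shown as an added Python model of the address rewriting; it is not part of the original thread and is not ASA code. The `TwiceNat` class and the remote host 192.168.20.50 are assumptions constructed for illustration: the model only covers one-to-one pairs, so a single remote host stands in for the 192.168.20.0/24 object.

```python
import ipaddress
from dataclasses import dataclass

ip = ipaddress.ip_address
net = ipaddress.ip_network

def _remap(addr, frm, to):
    """One-to-one static mapping: keep the host offset, swap the network."""
    return to.network_address + (int(addr) - int(frm.network_address))

@dataclass(frozen=True)
class TwiceNat:
    """Hypothetical model of: source static real_src mapped_src
    destination static mapped_dst real_dst."""
    real_src: object    # address the inside host really has
    mapped_src: object  # address the remote side sees it as
    mapped_dst: object  # address the inside host sends to
    real_dst: object    # address the remote host really has

    def __post_init__(self):
        if (self.real_src.num_addresses != self.mapped_src.num_addresses or
                self.mapped_dst.num_addresses != self.real_dst.num_addresses):
            raise ValueError("model only covers equal-size (one-to-one) static pairs")

    def outbound(self, src, dst):
        """inside -> Outside: translated (src, dst), or None if the rule does not match."""
        src, dst = ip(src), ip(dst)
        if src in self.real_src and dst in self.mapped_dst:
            return (str(_remap(src, self.real_src, self.mapped_src)),
                    str(_remap(dst, self.mapped_dst, self.real_dst)))
        return None

    def inbound(self, src, dst):
        """Outside -> inside: the same rule applied in reverse."""
        src, dst = ip(src), ip(dst)
        if src in self.real_dst and dst in self.mapped_src:
            return (str(_remap(src, self.real_dst, self.mapped_dst)),
                    str(_remap(dst, self.mapped_src, self.real_src)))
        return None

# Addresses from the thread, except 192.168.20.50 (constructed remote host).
RULE = TwiceNat(net("10.20.10.10/32"), net("192.168.20.10/32"),
                net("10.10.10.10/32"), net("192.168.20.50/32"))

if __name__ == "__main__":
    print("outbound:", RULE.outbound("10.20.10.10", "10.10.10.10"))
    print("inbound: ", RULE.inbound("192.168.20.50", "192.168.20.10"))
    print("other host:", RULE.outbound("10.20.10.11", "10.10.10.10"))
```

The last call returns `None` because the sample rule names only host 10.20.10.10; the second inside host, 10.20.10.11, would need its own objects and rule.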