I’ve been tasked to establish a VPN tunnel between our ASA5520 and another merging company with a Check Point on Nokia platform. I’ve got a list of IKE and IPSEC parameters from the Check Point unit and its external IP address. There’s also a pre-shared key that I need to share. Another requirement is that since both companies have similar subnets, I would have to NAT all traffic over this tunnel.
My question is what do I need to configure on my ASA5520 to get this VPN tunnel established and how do I confirm that my portion is functional? Is there documentation that Cisco can provide as a reference?
You can access ASDM and follow the IPsec Site-to-Site VPN, which will guide you step-by-step to configure the tunnel.
Or you can always use the CLI.
Here's a guide:
Normally you don't NAT the VPN traffic, but if you need to NAT you do the following:
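! Policy NAT: match traffic from the inside host to the remote LAN
access-list NAT permit ip host 10.10.1.25 REMOTE_LAN
static (inside,outside) 10.90.7.25 access-list NAT
! Crypto ACL: match the translated address
access-list VPN permit ip host 10.90.7.25 REMOTE_LAN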
The above configuration uses Policy NAT to translate the internal 10.10.1.25 to 10.90.7.25 when going to REMOTE_LAN.
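
An added example, not part of the original reply or Cisco's documentation: how the rest of the ASA side could fit around the policy NAT above, in pre-8.3 syntax to match the `static` policy NAT form, with the checks that confirm the local end works. The peer address 203.0.113.10, the names ESP-AES256-SHA and OUTSIDE_MAP, and the IKE/IPsec values are assumptions to be replaced with the parameters from the Check Point list; REMOTE_LAN, REMOTE_HOST and <PRE_SHARED_KEY> are placeholders.

```cisco
! Added example; peer 203.0.113.10, object names and crypto values are assumptions.
! REMOTE_LAN and REMOTE_HOST are placeholders for the peer's network and a host in it.
!
! Policy NAT from the reply: 10.10.1.25 appears as 10.90.7.25 toward REMOTE_LAN
access-list NAT permit ip host 10.10.1.25 REMOTE_LAN
static (inside,outside) 10.90.7.25 access-list NAT
!
! Crypto ACL matches the translated source, since the ASA applies NAT before encryption
access-list VPN permit ip host 10.90.7.25 REMOTE_LAN
!
! IKE phase 1: every value must equal the Check Point side's IKE parameters
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto isakmp enable outside
!
! IPsec phase 2: must equal the Check Point side's IPsec parameters
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
!
crypto map OUTSIDE_MAP 10 match address VPN
crypto map OUTSIDE_MAP 10 set peer 203.0.113.10
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE_MAP interface outside
!
! The pre-shared key lives in the tunnel-group named after the peer address
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 pre-shared-key <PRE_SHARED_KEY>
!
! Verification from privileged EXEC, after sending traffic from 10.10.1.25:
!   show crypto isakmp sa                    (phase 1 up: state MM_ACTIVE)
!   show crypto ipsec sa peer 203.0.113.10   (encaps/decaps counters increasing)
!   show xlate                               (10.10.1.25 translated to 10.90.7.25)
!   packet-tracer input inside tcp 10.10.1.25 1025 REMOTE_HOST 80 detailed
```

If the encaps counter rises while decaps stays at zero, the ASA is encrypting and sending, and the missing return traffic points at the remote side's encryption domain or routing.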