11-04-2010 11:12 AM
I’ve been tasked to establish a VPN tunnel between our ASA5520 and another merging company with a Check Point on Nokia platform. I’ve got a list of IKE and IPsec parameters from the Check Point unit and its external IP address. There’s also a pre-shared key that I need to share. Another requirement is that since both companies have similar subnets, I would have to NAT all traffic over this tunnel.
My question is what do I need to configure on my ASA5520 to get this VPN tunnel established and how do I confirm that my portion is functional? Is there documentation that Cisco can provide as a reference?
11-04-2010 12:00 PM
Hi,
You can access ASDM and follow the IPsec Site-to-Site VPN, which will guide you step-by-step to configure the tunnel.
Or you can always use the CLI.
Here's a guide:
http://www.cisco.com/en/US/products/ps5855/products_configuration_example09186a0080a9a7a3.shtml
Federico.
11-04-2010 12:25 PM
I need to NAT my host 10.10.1.25 to 10.90.7.25. How do I do this?
11-04-2010 12:50 PM
Hi,
Normally you don't NAT the VPN traffic, but if you need to NAT you do the following:
access-list NAT permit ip host 10.10.1.25 REMOTE_LAN
static (inside,outside) 10.90.7.25 access-list NAT
access-list VPN permit ip host 10.90.7.25 REMOTE_LAN
The above configuration uses Policy NAT to translate the internal 10.10.1.25 to 10.90.7.25 when going to REMOTE_LAN.
Federico.
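The policy NAT from the reply above, placed next to the crypto map it feeds and the commands that confirm the ASA side is working. This is an added example, not part of the original posts. It uses the pre-8.3 syntax shown in the thread, and the remote LAN 192.168.50.0/24, the peer 203.0.113.10, the test host 192.168.50.10 and the names OUTSIDE_MAP and TSET are constructed placeholders.

```cisco
! Assumptions (constructed, not from the thread):
!   192.168.50.0 255.255.255.0 stands in for REMOTE_LAN
!   203.0.113.10 stands in for the Check Point external IP
!   OUTSIDE_MAP and TSET are hypothetical names; the transform set TSET and
!   the IKE policy are assumed to be already defined from the agreed parameters
!
! Policy NAT: 10.10.1.25 is seen as 10.90.7.25 only when going to the remote LAN
access-list NAT extended permit ip host 10.10.1.25 192.168.50.0 255.255.255.0
static (inside,outside) 10.90.7.25 access-list NAT
!
! Crypto ACL: translation happens before the crypto map match, so the
! source here is the translated address 10.90.7.25, not 10.10.1.25
access-list VPN extended permit ip host 10.90.7.25 192.168.50.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address VPN
crypto map OUTSIDE_MAP 10 set peer 203.0.113.10
crypto map OUTSIDE_MAP 10 set transform-set TSET
crypto map OUTSIDE_MAP interface outside
!
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 pre-shared-key <PRE_SHARED_KEY>
!
! Verification from the ASA side
! 1. Simulate a flow from the inside host; the result should include a NAT
!    phase translating to 10.90.7.25 and a VPN phase with subtype encrypt
packet-tracer input inside tcp 10.10.1.25 1025 192.168.50.10 80
! 2. Phase 1: an entry for the peer in state MM_ACTIVE means IKE is up
show crypto isakmp sa
! 3. Phase 2: the local ident should be 10.90.7.25/255.255.255.255 and the
!    encaps/decaps counters should rise while test traffic is sent
show crypto ipsec sa peer 203.0.113.10
```

If the encaps counter rises while decaps stays at zero, the ASA is encrypting and sending, and the return path or the Check Point side is the place to look next.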