ASA l2-vpn nat question

bj_vosman · ‎05-13-2011

Hello,

i am trying to config below scenario for setting up s-2-s vpn connection

10.10.3.20/32 ---ourASA <------->vpnboxcustomer ---- 10.10.7.0 /22 Customer

between here a vpn connection is needed,

On our side of the network there is also a range of 10.10.8.0 (Management interface range on our ASA). It falls in the range of our customer.

What should i do here? The customer dont want to NAT on there side.

Kind Regards,

andamani · ‎05-13-2011

Hi,

Is it possible to nat at your end?

Regards,
Anisha

P.S.:please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.

bj_vosman · ‎05-14-2011

Yes on our side it is possible to nat

andamani · ‎05-14-2011

hi,

you can nat at your end. Make the interesting traffic as from natted address to customer network.

on the customer end the intersting traffic will be from customer network to natted address. There will also be a nat exemption for the traffic from customer network to natted address.

This should do the trick.

hope this helps.

regards,
Anisha

P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.

bj_vosman · ‎05-16-2011

hi,

Thanks for taking time for this question.

do you mean that i have to nat 10.10.3.20/32 ?

10.10.3.20/32 ---ourASA <------->vpnboxcustomer ---- 10.10.7.0 /22 Customer

bj_vosman · ‎05-16-2011

sorry i made a typo, our mangement range on the asa is 10.10.

6.0/24

and this address falls into 10.10.7.0/22 (the address range from our customer)