06-26-2012 11:50 AM
Hello, I am trying to confgure a VPN connection on a Cisco ASA 5505, and I am supposed to translate the inside network from 10.200 76.0 to host 10.1.4.204, and then from that scheme establish a VPN with the host 66.179.80.108 on network 192.168.50.0/24. I was told that this Cisco ASA appliace would be able to translate the network address as a mask in order to make the necessary connection with the other site connection.
06-26-2012 12:00 PM
Is the other site also a Cisco ASA? If so why not try the site-to-site VPN wizard in the ASDM (on both sides). It's very intuitive.
06-26-2012 01:53 PM
That is useful, but it doesnt give me the option to configure my local network of 10.200.76.0 to be masked on the network as 10.1.4.0
06-26-2012 02:45 PM
Why not assign the outside interface (or in case of the ASA 5505 VLAN 2) the IP address 10.1.4.204 then anything behind it (including the 10.200.76.0 network) would be NATed to 10.1.4.204?
06-26-2012 02:47 PM
The outside interface is static to the ISP, so i have to configure that to enable traffic.
06-26-2012 02:59 PM
Ah I see. I thought you were using those private IPs as fake IPs so you wouldn't show your real IPs on the Internet. I can't think of anything other than doing Static Nats, but I don't think that would get passed through the VPN tunnel with 10.1.4.x IP addresses.
06-26-2012 03:41 PM
Seems you need policy NAT. Here is the good article, you can tweak it for your requirements.
http://www.packetu.com/2012/01/02/asa-vpn-with-address-overlap/
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide