
ASA, parallel VPN (site to site) and static routing, one server to 2 different directions

gabor.termecz
Level 1

Dear Experts,

I have got a problem with a Site to Site VPN (NAT) and a static route (NAT) configuration used in parallel. As you can see in my attachment, I would like to reach a Server computer by 2 different methods from 2 servers. One of the connections uses a Site to Site VPN configuration and the second way would be a static route NAT connection.

If I configure all of this on the ASA, the static route way is lost and not built up, as I see.

Have you ever tried a configuration like the one I described? Any idea how I can configure these connections properly?

Best Regards

Gabor

3 Replies

Shakti Kumar
Cisco Employee

Hi 

I don't think that there is any way to make it work with the same egress point. If you have any other egress point to the ISP, we can probably do another static NAT to get it working, but for the same destination on the ASA we cannot have two different NATs defined. Even if you have 2 NATs on the ASA, the ASA will process the first NAT rule that you see in the output of "sh run nat".

Hope that helps

Thanks

Shakti

Hi Shakti,

Thanks for your quick answer!

Let me show one more schematic, because I was wrong about how the networking would be.

We do not use 2 NATs in parallel; we use NAT just on the Static Route side.

Best Regards,

Gabor

Hi gabor.termecz,

Based on the topology attached, I understand that you have ASA1 as your VPN device and ASA0 as your ISP gateway.

If that is correct then you should not have a problem, the reason being that ASA0 sees the traffic encrypted (encapsulated with UDP 4500) and just sees the public IP addresses of ASA1 and router0, and the IP address that ASA0 sees coming from Server2 would be its real IP address; hence it would be able to differentiate between the 2.

Hope that helps

Shakti