09-18-2016 08:09 AM
Dear Experts,
I have got a problem with a Site to Site VPN (NAT) and a parallel static route (NAT) configuration. As you can see in my attachment, I would like to reach a Server computer with 2 different methods from 2 servers. One of the connections uses a Site to Site VPN configuration and the second way would be a static route NAT connection.
If I configure all of this on the ASA, the static route way is lost and not built up, as I see.
Have you ever tried a configuration like the one I described? Any idea how I can configure these connections properly?
Best Regards
Gabor
09-18-2016 05:56 PM
Hi gabor.termecz,
I don't think that there is any way to make it work with the same egress point. If you have any other egress point to the ISP, we can probably do another static NAT to get it working, but for the same destination on the ASA we cannot have two different NATs defined. Even if you have 2 NATs on the ASA, the ASA will process the first NAT rule that you see in the output of "sh run nat".
Hope that helps
Thanks
Shakti
09-18-2016 11:27 PM
09-18-2016 11:52 PM
Hi gabor.termecz,
Based on the topology attached, I understand that you have ASA1 as your VPN device and ASA0 as your ISP gateway.
If that is correct, then you should not have a problem, the reason being that ASA0 is seeing the traffic encrypted (encapsulated with UDP 4500) and just sees the public IP address of ASA1 and router0, and the IP address that ASA0 sees coming from Server2 would be its real IP address, hence it would be able to differentiate between the 2.
Hope that helps
Shakti