ASA Pre 8.3 NAT then NO-NAT config

shinakuma123
Level 1

Hi

I am trying to set up an S2S VPN on an ASA v8.0.

I want to NAT 10.1.1.1 to 20.2.2.2 (due to an IP conflict on the other end), then NAT-exempt this to go over the VPN to the remote subnet of 30.3.3.3.

 

10.1.1.1 sits on the "inside" interface; the VPN crypto map is configured and applied on the "outside" interface.

 

The Crypto ACL is:


access-list VPN line 1 extended permit ip host 10.1.1.1 host 30.3.3.3  
 

1) I am not familiar with pre-8.3 config; I have only used 8.4+ in the past. Can someone please post the config of what the NAT / NO-NAT will be?

2) In the crypto ACL, do you define the real address (10.1.1.1) as the source or the NAT'd address (20.2.2.2)?

3) There is also an ACL on the outside interface. Do you permit 30.3.3.3 (the remote VPN) access to which destination IP: the real address (10.1.1.1) or the NAT'd address (20.2.2.2)?

 

Thank you!!

 

15 Replies

Rishabh Seth
Level 7

Hi Shina,

 

You can refer to the following link for a detailed explanation and configuration of S2S VPN with overlapping subnets.

 

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/112049-asa8x-vpn-olap-config-00.html

 

Let us know if you have any issues.

 

Hope it helps!!!

Thanks,

R.Seth

Mark the answer as correct if it helps in resolving your query!!!
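
The scenario in the question, written out as an added example in pre-8.3 (8.0 to 8.2) syntax. This is not configuration posted by anyone in the thread or taken from the linked Cisco document; the ACL names POLICY-NAT and OUTSIDE-IN are assumed, while the addresses, interface names and the VPN ACL name come from the original post.

```cisco
! Added example for ASA 8.0-8.2 (pre-8.3 syntax). POLICY-NAT and OUTSIDE-IN
! are assumed names; addresses, interfaces and the VPN ACL name are from the post.

! 1) Policy static NAT: translate 10.1.1.1 to 20.2.2.2 only when the
!    destination is the remote host 30.3.3.3.
access-list POLICY-NAT extended permit ip host 10.1.1.1 host 30.3.3.3
static (inside,outside) 20.2.2.2 access-list POLICY-NAT

! 2) Crypto ACL: NAT is applied before the crypto map is checked, so the
!    source is the translated address. The peer mirrors this entry
!    (30.3.3.3 -> 20.2.2.2).
no access-list VPN extended permit ip host 10.1.1.1 host 30.3.3.3
access-list VPN extended permit ip host 20.2.2.2 host 30.3.3.3

! 3) No NAT exemption for this flow: a "nat (inside) 0 access-list" entry
!    matching 10.1.1.1 -> 30.3.3.3 is evaluated before the static and
!    would leave the source untranslated.

! 4) Outside ACL: needed only when "no sysopt connection permit-vpn" is set
!    (by default decrypted VPN traffic bypasses interface ACLs). Pre-8.3
!    interface ACLs reference the translated address.
access-list OUTSIDE-IN extended permit ip host 30.3.3.3 host 20.2.2.2
```

`show xlate` confirms the 10.1.1.1 to 20.2.2.2 translation, and `show crypto ipsec sa` should list 20.2.2.2 as the local identity once traffic flows.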