Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1225
Views
25
Helpful
15
Replies

ASA Pre 8.3 NAT then NO-NAT config

Go to solution
shinakuma123
Level 1
Level 1

‎10-25-2015 07:33 AM

Hi

Am trying to set up a S2S VPN on a ASA V8.0.

I want to NAT 10.1.1.1 to 20.2.2.2 (due to IP conflict on the other end) then NAT-exempt this to go over the VPN to the remote subnet of 30.3.3.3  

 

10.1.1.1 sits on "inside" interface, the VPN cryptomap is configured and applied on "outside" interface.

 

The Crypto ACL is:


access-list VPN line 1 extended permit ip host 10.1.1.1 host 30.3.3.3  
 

1) Am not familiar with pre 8.3 config, Only used 8.4+ in the past, can someone please post the config of what the NAT / NO-NAT will be.

2) In the crypto ACL do you define the real address (10.1.1.1) as the source or the Natt'd address (20.2.2.2)?

3) There is also a ACL on the outside interface, do you permit 30.3.3.3 (the remote vpn) access to which destination IP, the real address (10.1.1.1) or the NATT'd address (20.2.2.2)?

 

Thank you!!

 

Labels:
0 Helpful
15 Replies 15

Go to solution
Rishabh Seth
Level 7
Level 7

‎10-25-2015 08:20 AM

Hi Shina,

 

You can refer following link for detailed explanation and configuration of S2S VPN with overlapping subnets.

 

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/112049-asa8x-vpn-olap-config-00.html

 

Let us know if you have any issues.

 

Hope it helps!!!

Thanks,

R.Seth

Mark the answer as correct if it helps in resolving your query!!!

Customers Also Viewed These Support Documents