
ASA VPN NAT conundrum

ROBERT CROOKS
Level 1

I have been struggling to come up with the proper config to do a NAT of an incoming VPN tunnel to a VLAN on my network that I hope either someone has done or can shed some light on.

I have an ASA 5510 with an IPSEC site-to-site tunnel to a partner network of 166.110.0.0/17.

I have several VLANs on the ASA interface behind a cat4500 router (192.168.100.0/24, 172.16.4.0/24, 166.110.128.0/22 etc). The only network that the partner network sees is the 166.110.128.0/22.

My problem is that I need to give them access to a node on my 192.168.100.0/24 net, but can't get the admin on the other side to add a route and adjust his tunnel.

My idea is that I will take an IP on my net, say 166.110.128.10, and do an inbound NAT of that address to 192.168.100.200. This way they communicate with a known address to them, but my server is on another VLAN.

Should this be done at the level of the VPN tunnel, or can I NAT between VLANs on the cat4500?

Any help would be extremely appreciated.

regards

Robert

1 Reply

andrew.prince
Level 10

Robert,

A simple static NAT should take care of this:

static (inside,outside) 166.110.128.10 192.168.100.200
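
The static above in the context of the tunnel, as an added example that is not part of either post. It uses pre-8.3 ASA syntax like the reply, and the ACL names (PARTNER_CRYPTO, INSIDE_NAT0) and the existing tunnel lines are assumptions standing in for whatever the real configuration contains.

```cisco
! Assumed existing tunnel config (ACL names are hypothetical placeholders).
! Interesting traffic: only 166.110.128.0/22 <-> partner 166.110.0.0/17.
access-list PARTNER_CRYPTO extended permit ip 166.110.128.0 255.255.252.0 166.110.0.0 255.255.128.0

! Assumed NAT exemption for the tunnel. NAT exemption is evaluated before
! static NAT and matches on the real (untranslated) source address, so it
! must not cover 192.168.100.200 or the static below never takes effect.
access-list INSIDE_NAT0 extended permit ip 166.110.128.0 255.255.252.0 166.110.0.0 255.255.128.0
nat (inside) 0 access-list INSIDE_NAT0

! The static from the reply, with the host mask written out.
! Syntax: static (real_if,mapped_if) mapped_ip real_ip
! 166.110.128.10 must not be in use by a real host on the 166.110.128.0/22 VLAN.
static (inside,outside) 166.110.128.10 192.168.100.200 netmask 255.255.255.255

! Return traffic from 192.168.100.200 is translated to 166.110.128.10 before
! the crypto ACL is checked, so it matches PARTNER_CRYPTO and uses the
! existing SA. Nothing changes on the partner side.

! Checks once the partner sends traffic:
!   show xlate             (lists 166.110.128.10 <-> 192.168.100.200)
!   show crypto ipsec sa   (encaps/decaps counters rise on the existing SA)
```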