ASA VPN Outside NAT

nap.deguzman
Level 1

Hi Guys!


Trying to establish this VPN connection to our new client, but the client refuses to provide a public IP and our policy disallows routing to a private subnet. So what I did was configure a one-to-one NAT so that any traffic destined to the client's private IP will be translated to a public address. However, the VPN cannot be established properly. I can see that Phase 1 is being established, but I am failing on Phase 2. See the attached configuration and debug logs from when I tried to send interesting traffic to the NAT IP.

My client's configuration allows traffic from their private IP 10.3.32.4 to my own private subnet 10.79.15.0/24. My question now is, does my client need to change the configuration on their side to allow traffic to my NAT IP?

Any other suggestions or ideas will be much appreciated. Thanks!

1 Reply

pjain2
Cisco Employee

Here is what you are trying to achieve:

10.79.15.0---site A=====vpn====site B----10.3.32.4

You can ask the remote peer to change his crypto ACL to allow the traffic from the public IP to the 10.79.15.0/24 subnet.

Also, he would be required to configure un-NAT on his end for the public-to-private IP.

This is the only way it will work: either you would need to allow private subnet traffic through the VPN on your end, or ask the remote end to translate their local IP to a public IP and then send it through the tunnel.
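A small model of the point in this reply, added here as an illustration and not taken from the thread or from any Cisco configuration: Phase 2 only completes when each side's crypto ACL is the mirror image of the other's, so site B must both NAT 10.3.32.4 to the public address and list that public address in its ACL. The public IP 203.0.113.4 and the host 10.79.15.10 are constructed placeholders.

```python
"""Why the Phase 2 (quick mode) negotiation in the thread fails and how the
suggested fix resolves it. Constructed example; 203.0.113.4 (TEST-NET-3) stands
in for whatever public address site A's NAT uses."""
from ipaddress import ip_address, ip_network


def ace(src, dst):
    """One crypto ACL entry: traffic from src to dst is 'interesting'."""
    return (ip_network(src), ip_network(dst))


def mirror(entry):
    """The peer's entry must be the mirror image of ours (dst/src swapped)."""
    src, dst = entry
    return (dst, src)


def phase2_matches(local_acl, remote_acl):
    """True when every local entry has an exact mirror-image entry on the peer."""
    return all(mirror(entry) in remote_acl for entry in local_acl)


def apply_static_nat(packet_src, nat_table):
    """Site B's un-NAT: translate the private source before it enters the tunnel."""
    return nat_table.get(packet_src, packet_src)


def interesting(acl, src, dst):
    """Would a packet from src to dst be selected by this crypto ACL?"""
    return any(ip_address(src) in s and ip_address(dst) in d for s, d in acl)


SITE_A_LAN = "10.79.15.0/24"
CLIENT_PRIVATE = "10.3.32.4"
CLIENT_PUBLIC = "203.0.113.4"  # constructed placeholder for the translated address

# Site A (the poster) refuses private addresses, so its ACL names the public IP.
site_a_acl = [ace(SITE_A_LAN, CLIENT_PUBLIC + "/32")]

# Before the fix: site B still lists its private host, so the proxy IDs differ.
site_b_before = [ace(CLIENT_PRIVATE + "/32", SITE_A_LAN)]

# After the fix: site B NATs 10.3.32.4 to the public IP and mirrors site A's ACL.
site_b_nat = {CLIENT_PRIVATE: CLIENT_PUBLIC}
site_b_after = [ace(CLIENT_PUBLIC + "/32", SITE_A_LAN)]


def before_fix():
    return phase2_matches(site_a_acl, site_b_before)


def after_fix():
    translated_src = apply_static_nat(CLIENT_PRIVATE, site_b_nat)
    return (phase2_matches(site_a_acl, site_b_after)
            and interesting(site_b_after, translated_src, "10.79.15.10"))


if __name__ == "__main__":
    print("Phase 2 before fix:", "OK" if before_fix() else "mismatch")
    print("Phase 2 after fix: ", "OK" if after_fix() else "mismatch")
```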