08-15-2022 08:23 AM
First off, thank you to everyone on this board. Long time reader but first time post.
I'm trying to deploy a site-to-site VPN for a customer with a Juniper SRX on one side and a Cisco ASA-X (don't know the software version) on the other. The Cisco side has two subnetworks. One of the networks overlaps with the network on the SRX. For the overlapping network, I can use NAT. How do I get traffic from the network that does not overlap on the ASA over to the SRX?
08-15-2022 08:32 AM - edited 08-15-2022 08:34 AM
@Alex101 for the network that does not overlap you need to ensure the real network (192.168.60.0/24) is defined in the ASA's crypto ACL. You'll probably also need a NAT exemption rule to ensure that this traffic is not unintentionally translated behind the outside interface.
Example:
! network objects for the local (ASA-side) and remote (SRX-side) subnets
object network REMOTE
 subnet 192.168.58.0 255.255.255.0
object network LOCAL
 subnet 192.168.60.0 255.255.255.0
!
! crypto ACL: traffic matching this is sent through the tunnel
access-list VPN extended permit ip object LOCAL object REMOTE
!
! identity (NAT exemption) rule: keep VPN traffic from being translated behind the outside interface
nat (inside,outside) source static LOCAL LOCAL destination static REMOTE REMOTE
Amend the ASA interface names and crypto ACL accordingly.
08-15-2022 09:08 AM
You must play with NAT: make a new subnet that is different and NAT your overlapping LAN to this new subnet.
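The two replies above describe the same two-part plan: an identity NAT (exemption) rule for the subnet that does not overlap, and a translation of the overlapping LAN to a fresh subnet. The script below is an added example (not code from the thread or from Cisco) that checks each ASA-side subnet against the peer subnet and emits the corresponding object, crypto ACL and twice-NAT lines. The 192.168.60.0/24 and 192.168.58.0/24 values come from the reply above; the overlapping local subnet and the 10.99.0.0/16 mapped pool are constructed assumptions, and the object names LOCALn / LOCALn_MAPPED are placeholders.

```python
"""Plan ASA NAT for a site-to-site VPN with one overlapping local subnet.

Added example; the object names and the 10.99.0.0/16 mapped pool are
constructed. The ASA command forms used (object network, extended ACL,
and `nat (in,out) source static REAL MAPPED destination static R R`)
are the ones shown in the thread.
"""
from ipaddress import ip_network


def overlaps(a: str, b: str) -> bool:
    """True if the two CIDR prefixes share any address."""
    return ip_network(a).overlaps(ip_network(b))


def plan_nat(local_subnets, remote_subnet, mapped_pool="10.99.0.0/16"):
    """Classify each ASA-side subnet against the peer (SRX) subnet.

    Returns a list of dicts: local, mapped (equal to local when no
    translation is needed) and overlaps. An overlapping subnet gets a
    prefix of the same length carved from mapped_pool (constructed value;
    choose an unused range in a real deployment) that is checked against
    the peer subnet, every local subnet and every mapping already handed out.
    """
    remote = ip_network(remote_subnet)
    pool = ip_network(mapped_pool)
    locals_ = [ip_network(s) for s in local_subnets]
    plan, used = [], []
    for local in locals_:
        entry = {"local": str(local), "mapped": str(local),
                 "overlaps": local.overlaps(remote)}
        if entry["overlaps"]:
            if local.prefixlen <= pool.prefixlen:
                raise ValueError(f"{local} does not fit inside pool {pool}")
            for cand in pool.subnets(new_prefix=local.prefixlen):
                taken = (cand.overlaps(remote)
                         or any(cand.overlaps(n) for n in locals_)
                         or any(cand.overlaps(u) for u in used))
                if not taken:
                    entry["mapped"] = str(cand)
                    used.append(cand)
                    break
            else:
                raise ValueError(f"no free mapped subnet for {local} in {pool}")
        plan.append(entry)
    return plan


def render_asa(plan, remote_subnet, inside="inside", outside="outside", acl="VPN"):
    """Emit ASA lines for the plan.

    NAT runs before encryption on the ASA, so for a translated subnet the
    crypto ACL must match the mapped (post-NAT) source, not the real one;
    the non-overlapping subnet keeps the identity rule from the thread.
    """
    remote = ip_network(remote_subnet)
    lines = ["object network REMOTE",
             f" subnet {remote.network_address} {remote.netmask}"]
    for i, e in enumerate(plan, 1):
        real, mapped = ip_network(e["local"]), ip_network(e["mapped"])
        lines += [f"object network LOCAL{i}",
                  f" subnet {real.network_address} {real.netmask}"]
        src = f"LOCAL{i}"
        if e["overlaps"]:
            src = f"LOCAL{i}_MAPPED"
            lines += [f"object network {src}",
                      f" subnet {mapped.network_address} {mapped.netmask}"]
        lines.append(f"access-list {acl} extended permit ip object {src} object REMOTE")
        lines.append(f"nat ({inside},{outside}) source static LOCAL{i} {src} "
                     f"destination static REMOTE REMOTE")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed input: the second local subnet deliberately collides with the peer.
    plan = plan_nat(["192.168.60.0/24", "192.168.58.0/24"], "192.168.58.0/24")
    print(render_asa(plan, "192.168.58.0/24"))
```

The SRX side must then use the mapped subnet, not the real one, as the remote address in its proxy-ID / traffic selector, otherwise phase 2 will never match what the ASA proposes.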