Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
175
Views
0
Helpful
1
Replies

CISCO ASA VPN and NAT

Mark.Smith1969
Level 1
Level 1

‎11-18-2016 02:47 AM

Hi I have a company that want to use a site-site VPN.

(IP addresses made up for example)

Public IP 91.91.75.101

They do not want us to directly access the internal network and  are using two Nat addresses to internal servers. 

91.91.75.110

91.91.75.112

Although the ip addresses above are available publicly,  want all traffic between us and them to go via a VPN.

I have never done this type of VPN before and only normally create these using the ADSM. 

Can anyone help point me in the correct direction. 

Thanks

Mark

Labels:
0 Helpful
1 Reply 1

Karsten Iwen
VIP
VIP

‎11-18-2016 05:58 AM

when sending traffic to your peer, NAT is done before encryption. That means that you have to:

  1. Build a NAT-rule for that server
  2. include the translated IP into your interesting traffic for the VPN that is gets encrypted.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents