01-20-2022 08:11 AM
Hi. I'm trying to configure a LAN-to-LAN VPN between AWS (using a Cisco ASAv virtual appliance) and on-premises. I'm able to bring up the VPN, but I'm a little confused about how to deal with NAT'd traffic on the AWS end. Part of the problem is that the on-premises client insists on using a public IP for the encryption domain.
On-premises side
host IP: 192.168.7.159
gw: 192.168.7.1
ASA 5505:
Inside IP: 192.168.7.1
Static IP mapped to the above internal host: 199.164.254.159
The AWS side:
host IP: 10.41.2.102
gw: 10.41.2.19
Cisco ASAv
inside IP: 10.41.2.19
AWS Elastic IP mapped back to ASAv outside interface: 24.123.200.29
If I ping 10.41.2.19 (AWS host) from the on-premises host (192.168.7.159), the VPN comes up:
On-premises ASA 5505:
AWS Cisco ASAv:
If I go the other way (from AWS to on-premises) it doesn't initiate any traffic and the VPN does not come up, and even with the VPN up, initiated from the on-premises side, there's no communication between the endpoints. I think both things are because I don't have NAT set up properly on the AWS side. The on-prem ASA 5505 is 8.3, and the Cisco ASAv is 9.14. I know that NAT configs changed significantly with release 8.4.
I've attached my AWS Cisco ASAv config. Can someone tell me what I'm doing wrong? 10.41.2.102 should be able to initiate the VPN connection and connect to the on-premises instance 199.164.254.159.
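The following is an added example (not from the original post or the attached config) showing how the AWS-side pieces usually fit together on ASA 9.x for the addresses listed above: an identity (no-NAT) rule in manual NAT section 1 so the 10.41.2.0/24 hosts keep their real addresses when talking to the on-prem public address, a crypto ACL that matches the real AWS subnet against that public address (which is what the on-prem side's static NAT presents as its encryption domain), and a few verification commands. Interface names (inside/outside), object and map names, the IPsec proposal name, IKEv2, and the on-prem peer address `<ON-PREM-ASA-PUBLIC-IP>` are all assumptions; the only values taken from the post are the IP addresses.

```cisco
! --- Objects (names are assumed) ---
object network AWS-LAN
 subnet 10.41.2.0 255.255.255.0
object network ONPREM-HOST-PUBLIC
 host 199.164.254.159
!
! --- NAT exemption for VPN traffic ---
! Manual (twice) NAT placed at line 1 of section 1 so it is evaluated before any
! dynamic PAT used for internet access. Source and destination are mapped to
! themselves, so the real 10.41.2.x addresses reach the crypto map unchanged.
! route-lookup keeps the ASA from relying on the NAT rule to pick the egress
! interface; no-proxy-arp avoids the ASA answering ARP for the remote address.
nat (inside,outside) 1 source static AWS-LAN AWS-LAN destination static ONPREM-HOST-PUBLIC ONPREM-HOST-PUBLIC no-proxy-arp route-lookup
!
! --- Interesting traffic: real AWS subnet to the on-prem public (NAT'd) address ---
! This must mirror the on-prem side's crypto ACL: there the local side is the
! static-NAT address 199.164.254.159, and the remote side is 10.41.2.0/24.
access-list VPN-TO-ONPREM extended permit ip 10.41.2.0 255.255.255.0 host 199.164.254.159
!
! --- Crypto map binding (IKEv2 and proposal name assumed; peer is a placeholder) ---
crypto map OUTSIDE_MAP 10 match address VPN-TO-ONPREM
crypto map OUTSIDE_MAP 10 set peer <ON-PREM-ASA-PUBLIC-IP>
crypto map OUTSIDE_MAP 10 set ikev2 ipsec-proposal AES256-SHA
crypto map OUTSIDE_MAP interface outside
!
! --- Verification from the ASAv CLI ---
! Confirm the identity rule is in section 1 and ahead of any dynamic PAT.
show nat detail
! Trace an echo request from the AWS host toward the on-prem public address and
! check that NAT shows an identity (untranslated) hit and the VPN phase is reached.
packet-tracer input inside icmp 10.41.2.102 8 0 199.164.254.159 detailed
! Once traffic has been sent, confirm the SAs exist and that the selectors match
! 10.41.2.0/24 <-> 199.164.254.159/32 rather than a PAT'd address.
show crypto ikev2 sa
show crypto ipsec sa peer <ON-PREM-ASA-PUBLIC-IP>
```

Two AWS-side points worth checking alongside this (general AWS behaviour, not something visible in the post): the VPC route table for the 10.41.2.0/24 subnet needs a route for 199.164.254.159/32 pointing at the ASAv's inside ENI, and source/destination checking must be disabled on the ASAv's ENIs, otherwise return packets addressed to the on-prem public IP never reach the ASAv even when the tunnel is up. In `packet-tracer` output, a drop at the NAT phase or a translated source address is the usual sign that the dynamic PAT rule is being hit before the exemption.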
01-20-2022 08:32 AM
follow