
Hide ip-address through Site-to-Site VPN

j.thygesen
Level 1

Hi all,

I have created a site-to-site VPN between an ASA5505 and an ASA5510 without problems.

This is the setup:

-SiteA

subnet 192.168.0.0/23

-SiteB

subnet 10.142.0.0/24

subnets routed at SiteB: 10.143.0.0/16, 10.144.0.0/16, 10.144.0.0/16, 10.144.0.0/16, 10.144.0.0/16,

I want to hide 192.168.0.0 at SiteB for two reasons.

1. reason: I want to hide subnet 192.168.0.0 for security reasons

2. reason: I don't want to route the 192.168.0.0 subnet at SiteB.

It would be nice if all traffic from SiteA to SiteB is shown at SiteB as coming from 10.142.0.3 (which is the LAN address of the ASA5510)

How can I achieve this? Through some kind of NAT?


j.thygesen
Level 1

Anyone?

Yes, I would NAT the 192.168 networks to 10.142. network, this way site B will not be able to see the real IP address of site A. As I have no lab that is free at this moment, I can't try this scenario for you, so give it a try and let us know the result.

ALIAOF_
Level 6

What version of IOS are you running on the ASAs, 8.3 and/or above or below? You can easily get that done by doing a NAT and updating the interesting traffic in the ACLs accordingly.

rizwanr74
Level 7

Hi Jesper,

What you need is policy-nat, I have attached Cisco documentation for you. This configuration is for ASA version 8.2 or lower. If your ASA version is greater than 8.2, please change the policy-nat configs according to your version.

thanks

Rizwan Rafeek
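
A sketch of the policy NAT approach suggested above, in ASA 8.2 syntax. This is an added example, not configuration from the thread or from the attached Cisco document; the interface names `inside`/`outside`, the ACL names, NAT ID 10, the crypto map name and sequence number, and the `<NAT_ADDR>` placeholder are all assumptions.

```cisco
! ---- Site A firewall (ASA 8.2 or lower) ----
! Added example: names, NAT ID and <NAT_ADDR> are assumptions, not values
! taken from the thread. Replace <NAT_ADDR> with the single address Site A
! should appear as at Site B.
!
! 1. The "policy": match only Site A traffic headed for Site B.
!    Add one line per routed Site B subnet (10.143.0.0/16 and so on).
access-list VPN-POLICY-NAT extended permit ip 192.168.0.0 255.255.254.0 10.142.0.0 255.255.255.0
!
! 2. Dynamic policy NAT: PAT the matched traffic behind one address.
nat (inside) 10 access-list VPN-POLICY-NAT
global (outside) 10 <NAT_ADDR>
!
! 3. NAT is applied before the crypto ACL is evaluated, so the
!    interesting-traffic ACL must match the translated source,
!    not 192.168.0.0/23.
access-list CRYPTO-TO-SITEB extended permit ip host <NAT_ADDR> 10.142.0.0 255.255.255.0
crypto map OUTSIDE-MAP 10 match address CRYPTO-TO-SITEB
!
! 4. NAT exemption (nat 0 access-list) is processed before policy NAT.
!    Any existing exemption entry for 192.168.0.0/23 -> Site B must be
!    removed, otherwise the real addresses still enter the tunnel.
!
! ---- Site B firewall ----
! Mirror of the Site A crypto ACL: Site B only ever references <NAT_ADDR>.
access-list CRYPTO-TO-SITEA extended permit ip 10.142.0.0 255.255.255.0 host <NAT_ADDR>
!
! ---- Checks on Site A after sending test traffic ----
! show xlate              -> PAT entries from 192.168.x.x to <NAT_ADDR>
! show crypto ipsec sa    -> local ident should be <NAT_ADDR>, not 192.168.0.0
```

Because this is dynamic PAT, only Site A can initiate connections; Site B hosts still need a return path to `<NAT_ADDR>` through the ASA5510.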

j.thygesen
Level 1

Running ASA version 8.2

@rizwanr74: Will try this today and get back with the result.

Hi Jesper,

Please update, how did it go?

thanks
