How to configure a source NAT for my LAN in an IPSec VPN on Cisco ASA

josapcolet · ‎12-03-2024

I need to configure an IPSec VPN between my ASA and the client's XYZ firewall. They have requested me to perform a source NAT for my source network. Could you please guide me on how to configure it.

I am capable of configuring an IPSec VPN using both IKEv1 and IKEv2, but unfortunately, I lack the knowledge for NAT

10.0.0.0.1 192.168.1.254

Rob Ingram · ‎12-03-2024

@josapcolet Create objects to represents the relevant networks and create a Policy NAT, example:-

nat (INSIDE,OUTSIDE) source dynamic LAN-1-REAL LAN-1-NAT destination static PARTNER1 PARTNER1

Your crypto ACL defining the interesting traffic to be encrypted would reference the NAT IP address(es).

MHM Cisco World · ‎12-03-2024

nat (INSIDE,OUTSIDE) source dynamic Local-LAN-REAL Local-LAN-NAT destination static Remote-LAN Remote-LAN 
for the ACL the ACL of IPsec use Local-LAN-NAT not Local-LAN-REAL <<- this step many engineer do wrong and VPN is failed

MHM

vishalbhandari · ‎12-08-2024

Configuring source NAT alongside an IPSec VPN on a Cisco ASA involves creating NAT rules to translate the source network as required by the client's XYZ firewall.