Solved: Re: IPSec VPN Nat question

jkay18041 · ‎03-10-2021

I have an ASA 5508-x and I've got a vendor who wants to create a site to site vpn between us and their ASA.

They would like to give me a /28 subnet of private IPs to use to avoid overlapping on their network and then they want me to nat those to my assigned private IPs of the servers they need to talk to.

What is the best way to do that? Would I create a network object for each server with it's assigned IP. Create the site to site vpn tunnel with their /28 range, then I'm confused on how I would Nat a private subnet to another private subnet or how I can do this.

Any suggestions would be great, I typically use the ASDM but can probably figure it out if someone has an example on the cmd.

Thank you!

AndreaTornaghi · ‎03-11-2021

Dear,

you should create the VPN tunnel using the NAT subnet and on the NAT rule create a new policy for natting your subnet with the new NAT subnet when your destination is the remote network behind the VPN tunnel.

View solution in original post

AndreaTornaghi · ‎03-11-2021

Dear,

you should create the VPN tunnel using the NAT subnet and on the NAT rule create a new policy for natting your subnet with the new NAT subnet when your destination is the remote network behind the VPN tunnel.