I am trying to set up an IPSec VPN between two sites. I have created IPSec VPN tunnels between sites before; however, I am getting a bit confused by the issue I face.
Site 1 (remote, I have no control over it) uses the subnet 192.168.253.0/24 in their internal LAN.
I have been told that they can't do NAT.
Site 2 (local, the one I do control) also uses the subnet 192.168.253.0/24 internally.
So if I wanted to NAT their address to an unused VLAN on our side (172.22.199.0/24, for example), what would be the access-list and NAT commands on the ASA (version 8.2(5)51; I know it's long overdue to upgrade)?
Is it something like this?
access-list inside_access_in extended permit ip 172.22.10.0 255.255.255.0 192.168.253.0 255.255.255.0
access-list list1 extended permit ip 172.22.10.0 255.255.255.0 192.168.253.0 255.255.255.0
(This is the access list that is referenced in the crypto map.)
static (outside, inside) 172.22.199.0 192.168.253.0 255.255.255.0