Many-to-one NAT on L2L VPN (ASA 5505)

NPBergen08
Level 1

I am trying to configure an L2L VPN tunnel to a service provider using an ASA 5505.

My problem is that the service provider will not accept traffic from a LAN subnet; they will only accept traffic from a public IP.

We have a small public subnet of x.x.x.50/255.255.255.248. Our public IP (outside interface IP on the ASA 5505) is x.x.x.50, and the service provider wants to see traffic coming from us on x.x.x.51.

How can I NAT our LAN subnet (10.0.0.0/24) to one public IP (x.x.x.51)?

I'm new to Cisco firewalls, so essentially I need a complete config.

All help is highly appreciated.

14 Replies

Julio Carvajal
VIP Alumni

Hello Cato,

For that NAT you need the following:

192.168.12.0/24 is the ISP network

10.0.0.0/24 is the inside local network

access-list test permit ip 10.0.0.0 255.255.255.0 192.168.12.0 255.255.255.0

nat (inside) 10 access-list test

global (outside) 10 x.x.x.51

For the encrypted VPN traffic (crypto ACL), the encrypted traffic will be from:

     access-list VPn permit ip host x.x.x.51 192.168.12.0 255.255.255.0

Regards,

Julio

Rate all the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
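
The reply above relies on the ASA translating the source address before it tests the flow against the crypto ACL, which is why the crypto ACL names x.x.x.51 and not 10.0.0.0/24. The following is an added illustration, not part of the thread and not Cisco code, that models that order in Python. 203.0.113.51 is a constructed stand-in for the redacted x.x.x.51, the function names are hypothetical, and any other NAT rules on the firewall are not modelled.

```python
import ipaddress as ip

# Constructed stand-ins: the thread redacts the public range, so
# 203.0.113.51 (documentation range) plays the role of x.x.x.51.
INSIDE = ip.ip_network("10.0.0.0/24")
PROVIDER = ip.ip_network("192.168.12.0/24")
PAT_ADDR = ip.ip_address("203.0.113.51")

def acl_match(acl, src, dst):
    """True if any (src_net, dst_net) permit entry covers the flow."""
    return any(src in s and dst in d for s, d in acl)

def policy_pat(nat_acl, global_addr, src, dst):
    """Models 'nat (inside) 10 access-list test' + 'global (outside) 10 ...':
    the source is rewritten only when the flow matches the policy ACL."""
    return global_addr if acl_match(nat_acl, src, dst) else src

def egress(nat_acl, crypto_acl, src, dst):
    """Outbound order: translate first, then test the translated flow
    against the crypto ACL. Returns (source on the wire, 'tunnel'|'clear')."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    xsrc = policy_pat(nat_acl, PAT_ADDR, src, dst)
    verdict = "tunnel" if acl_match(crypto_acl, xsrc, dst) else "clear"
    return str(xsrc), verdict

# access-list test permit ip 10.0.0.0 255.255.255.0 192.168.12.0 255.255.255.0
NAT_ACL = [(INSIDE, PROVIDER)]
# access-list VPn permit ip host x.x.x.51 192.168.12.0 255.255.255.0
CRYPTO_POST_NAT = [(ip.ip_network("203.0.113.51/32"), PROVIDER)]
# Crypto ACL written with the pre-NAT source instead: never matches.
CRYPTO_PRE_NAT = [(INSIDE, PROVIDER)]

if __name__ == "__main__":
    cases = [
        ("post-NAT crypto ACL", CRYPTO_POST_NAT, "192.168.12.10"),
        ("pre-NAT crypto ACL ", CRYPTO_PRE_NAT, "192.168.12.10"),
        ("non-provider dest  ", CRYPTO_POST_NAT, "198.51.100.7"),
    ]
    for name, crypto, dst in cases:
        print(name, egress(NAT_ACL, crypto, "10.0.0.25", dst))
```

A "clear" verdict for a provider-bound flow means the packet is not selected for the tunnel, so the crypto ACL and the policy NAT ACL have to be checked together whenever either one changes.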