Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
404
Views
0
Helpful
1
Replies

NAT explanination

The_guroo_2
Level 2
Level 2

‎08-07-2012 11:19 PM

Guys we have a LAN to LAN VPN....one of the client has follwoing IP

name 160.X.X.140 tic

crypto map clientmap 5 set peer 160.X.X.140

tunnel-group 160.X.X.140 type ipsec-l2l

tunnel-group 160.X.X.140 ipsec-attributes

crypto map clientmap 5 match address TIC-VPN-ACL

crypto map clientmap 5 set transform-set ESP-3DES-SHA

access-list TIC-VPN-ACL extended permit ip host 10.1.20.1 host 160.X.X.142 log warnings

So it means that tarffic initiate from our side (correct me if i am wrong)

static (External,Internal) 192.168.1.6 160.X.X.142 netmask 255.255.255.255

can some on explain this NAT statement

1- what does this NAT do if someone from inside network with ip address of 10.X network will it get translated to 192. address

Labels:
0 Helpful
1 Reply 1

Karsten Iwen
VIP
VIP

‎08-08-2012 12:37 AM

This static means that if someone enters the ASA from "External" with a real IP of 160.x.x.142, his source address gets translated to 192.168.1.6. The other way round, if someone comes from "Internal" and wants to reach the "External" destination-address of 192.168.1.6, that destination-address gets translated to 160.x.x.142.

This NAT-rule doesn't specify what to do with your 10.x source-address. For that there is probably another NAT-statement. Look for other "static ..."-commands and also for "nat (Internal) 0 ...".

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful
Customers Also Viewed These Support Documents