NAT on ASA with VPN

ercan.kacan
Level 1

Hi,

I need to set up an L2L VPN connection but don't know how.

On one site I have an ASA with network 10.14.14.0/24, and on the other site also an ASA with network 10.14.16.0/24.

I need to NAT all traffic coming from 10.14.14.0/24 and going to 10.14.16.0/24 to 10.19.1.15/32.

Is this possible?

If so, where can I find samples?

Thanks and regards,

Accepted Solutions

Hi,

It is possible.

Sample configuration using ASDM:

-------------------------

http://www.cisco.com/en/US/products/ps6120/products_getting_started_guide_chapter09186a0080856cf8.html

Sample configuration using IOS commands:

---------------------------------------

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805734ae.shtml

--Jaffer

ggilbert
Cisco Employee

Hello Ercan,

You can do policy NAT on the ASA on both sides. What you have to do is change the IP address of your internal network through policy NAT and use the changed address in the encryption ACL.

For example: Site A's internal network is 10.14.16.0/24 and you want it to be changed to 10.19.1.0/24

access-list 188 permit ip 10.14.16.0 255.255.255.0 10.19.2.0 255.255.255.0

static (inside,outside) 10.19.1.0 access-list 188

Encryption access-list:

access-list 181 permit ip 10.19.1.0 255.255.255.0 10.19.2.0 255.255.255.0

The 10.19.2.0/24 network is the remote side network that I opted to change it to. You can change it to whatever you want, but make sure you make the changes in the access-list accordingly.

Or as you proposed you can change it to a single IP as well.

E.g.:

access-list 188 permit ip 10.14.16.0 255.255.255.0 10.19.2.1 255.255.255.255

nat (inside) 3 access-list 188

global (outside) 3 10.19.1.15

The encryption access-list will be:

access-list 181 permit ip host 10.19.1.15 host 10.19.2.1

Hope this answers your questions.

Rate this post, if it helps.

Thanks

gilbert
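
An added example, not part of the original thread or Cisco's own tooling: a small Python check that the encryption ACL references the translated address rather than the real inside network, which is the point ggilbert's reply makes. The sample configs are constructed from the addresses in the original question. The parser assumes unabbreviated keywords, the older `nat`/`global` syntax shown above, and a single-address `global` statement.

```python
import ipaddress

def take_net(tok):
    """Pop one address spec ('host A' or 'A MASK') off a token list."""
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def parse(config):
    """Collect ACL entries, policy-NAT bindings and global addresses."""
    acls, nat_ids, pools = {}, {}, {}
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["access-list"] and "permit" in t:
            src, rest = take_net(t[t.index("permit") + 2:])  # skip 'permit ip'
            dst, _ = take_net(rest)
            acls.setdefault(t[1], []).append((src, dst))
        elif t[:1] == ["nat"] and "access-list" in t:
            nat_ids[t[2]] = t[4]        # nat (inside) <id> access-list <acl>
        elif t[:1] == ["global"]:
            pools[t[2]] = ipaddress.ip_network(t[3] + "/32")  # global (outside) <id> <ip>
    return acls, nat_ids, pools

def check_crypto_acl(config, crypto_acl):
    """Return problems found; an empty list means the crypto ACL matches post-NAT traffic."""
    acls, nat_ids, pools = parse(config)
    crypto, problems = acls.get(crypto_acl, []), []
    for nat_id, acl_name in nat_ids.items():
        mapped = pools.get(nat_id)
        if mapped is None:
            problems.append(f"nat id {nat_id}: no matching global statement")
            continue
        for real_src, dst in acls.get(acl_name, []):
            if (mapped, dst) not in crypto:
                problems.append(f"ACL {crypto_acl}: no permit for {mapped} -> {dst}")
            if any(s.overlaps(real_src) and d == dst for s, d in crypto):
                problems.append(f"ACL {crypto_acl}: matches pre-NAT source {real_src}")
    return problems

# Constructed sample configs using the addresses from the original question.
NAT_PART = """access-list 188 permit ip 10.14.14.0 255.255.255.0 10.14.16.0 255.255.255.0
nat (inside) 3 access-list 188
global (outside) 3 10.19.1.15
"""
GOOD = NAT_PART + "access-list 181 permit ip host 10.19.1.15 10.14.16.0 255.255.255.0\n"
BAD = NAT_PART + "access-list 181 permit ip 10.14.14.0 255.255.255.0 10.14.16.0 255.255.255.0\n"

if __name__ == "__main__":
    print("GOOD:", check_crypto_acl(GOOD, "181"))
    print("BAD: ", check_crypto_acl(BAD, "181"))
```

The remote ASA's encryption ACL has to mirror the good entry, with 10.14.16.0/24 as source and host 10.19.1.15 as destination.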