NAT - VPN - Please Help

Mr.AliKhan · ‎01-08-2011

HI All,

I would be grateful if someone would help me achieve following:

Two Remote sites need to be connected via VPN.

Site 1:

Public IP: 210.23.149.134

Local network: 10.40.1.0/24

Site 2:

Public IP: 210.168.66.136

Local network: 192.168.200.0/24

Here is the issue:

Admins of Site 1 wants us to do Nat from 192.168.200.0/24 ---> 10.168.42.0/24.

In the same manner when the packets are sent back from 10.40.1.0/24 (Site 1) to 10.168.42.0/24, it should be translatted back to 192.168.200.0/24.

Note: Only SIte 2 (Cisco ASA 5505) needs to be configured.

How can this be done?

Thank you for any tips or help

Kind Regards

Federico Coto Fajardo · ‎01-08-2011

Hi,

Site 2 has the ASA.

This is the required config:

access-list NAT permit ip 192.168.200.0 255.255.255.0 10.40.1.0 255.255.255.0

static (in,out) 10.168.42.0 access-list NAT

access-list VPN permit ip 10.168.42.0 255.255.255.0 10.40.1.0 255.255.255.0

The first two lines are the required NAT configuration to NAT the traffic prior to sending it through the tunnel.

The last ACL is applied for VPN traffic.

Hope it helps.

Federico.

Mr.AliKhan · ‎01-17-2011

Hi Federico,

Thanks soooooo much for the reply. I couldn't reply earlier for medical reasons, so please pardon me for late reply.

I will try the settings and post the results as soon as I am fit again to sit next to the Router.

Kind Regards

FK

Federico Coto Fajardo · ‎01-17-2011

No problem.

Let us know if it works!

Federico.