(my VPN device)== (my edge fw) ==> Customer VPN fw
ASA 8.2 ==> ASA ==> customer ASA
Let's consider my LAN IP = 172.20.1.1/32, NATted to 20.20.x.20/32 before being sent to the customer. It's NATted on my VPN device.
And the VPN device's outside IP 172.20.2.1/32 is NATted to 20.20.x.15/32 on my edge firewall.
Let's assume the other end's LAN IP is 100.100.x.x/24.
I have a requirement where I need to configure a VPN and hide my internal IP from the customer through it. The design is given above.
Should the interesting-traffic ACL contain the NATted IP or the pre-NAT IP?
Which interesting-traffic ACL will work, considering it's running 8.2?
access-list VPN extended permit ip host 20.20.x.20 100.100.x.x 255.255.255.0
Or do I need to use
access-list VPN extended permit ip host 172.20.1.1 100.100.x.x 255.255.255.0
Do you mean the crypto map ACL?
If so then as far as I know there is no difference, you still reference the same IP.