Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
328
Views
5
Helpful
5
Replies

NAT with VPN

Go to solution
marcio.tormente
Level 4
Level 4

‎02-15-2016 06:18 AM

Hello Friends

I´m noob with firewall and I create a VPN site-to-site with a customer with the follow informations:

My site:

10.204.x.x/24

10.69.0.0/24

some others

Site customer:

172.30.20.0/24

But the network from my site 10.69.0.0 is internal network of the customer, than they asked me to make a NAT when the network 10.69.0.0 is going to 172.30.20.0 the have to get out with the IP 172.30.100.0.

Anyone knows what can I do to make this configurations works?

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
JP Miranda Z
Cisco Employee
Cisco Employee
In response to marcio.tormente

‎02-15-2016 09:52 AM

Marcio,

You can use a Static Policy NAT:

object network LAN-10.69.0.0

  subnet 10.69.0.0 255.255.x.x

object network obj-172.30.100.0_nat

subnet 172.30.100.0 255.255.255.0

object network obj-172.30.20.0  

subnet 172.30.20.0 255.255.255.0

nat (inside,outside) source static LAN-10.69.0.0 obj-172.30.100.0_nat destination static obj-172.30.20.0 obj-172.30.20.0

-JP-

View solution in original post

0 Helpful
5 Replies 5

Go to solution
JP Miranda Z
Cisco Employee
Cisco Employee

‎02-15-2016 06:44 AM

Hi Marcio,

The nat is going to depend of the version of ASA that you are using, you can take a look to this guide:

https://supportforums.cisco.com/document/33921/asa-pre-83-83-nat-configuration-examples

-JP-

Go to solution
marcio.tormente
Level 4
Level 4
In response to JP Miranda Z

‎02-15-2016 09:47 AM

JP,

Thanks for your support, I alredy configured the follow NAT

nat (Internal,Internal) source static LAN-10.69.0.0 LAN-10.69.0.0 destination static NAT_TMF NAT_TMF

Still don´t work and in the log I can´t see any error msg, but I can´t ping the remote host.

0 Helpful

Go to solution
JP Miranda Z
Cisco Employee
Cisco Employee
In response to marcio.tormente

‎02-15-2016 09:52 AM

Marcio,

You can use a Static Policy NAT:

object network LAN-10.69.0.0

  subnet 10.69.0.0 255.255.x.x

object network obj-172.30.100.0_nat

subnet 172.30.100.0 255.255.255.0

object network obj-172.30.20.0  

subnet 172.30.20.0 255.255.255.0

nat (inside,outside) source static LAN-10.69.0.0 obj-172.30.100.0_nat destination static obj-172.30.20.0 obj-172.30.20.0

-JP-

0 Helpful

Go to solution
marcio.tormente
Level 4
Level 4
In response to JP Miranda Z

‎02-15-2016 10:16 AM

Now, they give me the follow msg:

[WARNING] nat (Internal,Lan1) 3 source static LAN-10.69.0.0 NAT_TMF destination static LAN_Alog LAN_Alog
Pool (172.30.20.0-172.30.20.255) overlap with existing pool.

NAT is apply, but don´t work, I don´t know if is because the overlap or other things.

0 Helpful

Go to solution
marcio.tormente
Level 4
Level 4

‎02-15-2016 12:16 PM

Thanks for  all support

0 Helpful
Customers Also Viewed These Support Documents