cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
787
Views
4
Helpful
6
Replies

no nat and pat statements

Yves-Buecking_2
Beginner
Beginner

Hi, I have the following question:

I have an asa 5520, and currently the box is pimarily setup for vpn remote access scenario. The IP adresses for the remote clients are lets say in the range 192.168.1.0/24 , assigned by Radius.

I currently have a no nat configuration, because I don?t need nat so far.

Now I would like to setup multiple vpn site to site connections on the same box, and I would like to hide each vpn tunnel "customer" behind a single IP, so in my understanding I would like to make PAT.

The "customerA" should hide behind 192.168.1.129/25, CustomerB behind 192.168.1.130/25 usw.

In my understanding I need a nat 0 statement for no nat?ing the remote vpn users, and a nat 1 entry for nat ?ing the vpn tunnel customer, and hide them.

Could anyone please give me some help and an example with this nat/pat issue.

Thank you very much.

6 Replies 6

Yves-Buecking_2
Beginner
Beginner

any little hint is welcome. !

Thanks

Jon Marshall
VIP Community Legend VIP Community Legend
VIP Community Legend

Hi

1) Do you want to hide all customer source IP addresses behind 1 IP address when traffic comes from the customer to you

OR

2) Do you want to present the customer network as 1 IP address to your internal clients.

Also is there any reason you have taken IP addresses in your example from the same range as your client VPN's ?

Jon

Hi Jon,

thanks for the answer.

I would like to to present each customer network behind one IP address for the internal clients.

Yes. Vpn clients should be in the first half of the /25 mask, site2 site beginninng with .129.

I have only one C class availible, so I thought it might make sense to split.