I am moving an existing VPN tunnel from an 8.0(4) ASA to an 8.3(2) ASA appliance and the previous config will not translate over.
In the existing tunnel I am using both Internal NATs to get to the other end of the tunnel and external NATs for the customer to get to internal hosts.
In essence the configuration is like this:
Internal host --> customer server:
SRC 1.51.6.5 --> DST 1.51.6.34
--> After NATing:
SRC 8.8.8.132 DST 140.140.140.1
I have a route that sends all traffic bound to 140.140.140.1 via the VPN peer address, which in 8.0(4) results in the traffic being shoved into the VPN tunnel. In 8.3 the same does not work.
Packet traces show that the VPN lookup is not performed until I add the real SRC IPs into the crypto map, which I am trying to avoid as our customer would have to add it into their crypto map and it would defeat the whole idea of NATing in the first place!
I have looked all over the Internet, but cannot find anything besides explanations on how NAT is now different.
Any help would be appreciated.
Thanks
Joerg