
Site-to-Site IPSEC Tunnel

ankit.dhawan
Level 1

We need to create a VPN tunnel where one side of the tunnel would be in India and the other in Dallas/US.

India :

   Source IP address: 10.18.38.0/24

    VPN Peer IP: 202.41.204.4

Dallas/US:

   Destination IP: 10.194.8.20

   VPN Peer: 162.92.191.36

   NAT IP: 162.92.224.254

Can someone please tell me how I can configure this scenario? A configuration example will be very helpful.

Also, do we NAT the IP on the source side, as 10.18.30.0/24 is a private subnet, to build this tunnel?

1 Reply

Ajay Saini
Level 7

Hi Ankit,

It's pretty simple:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/119141-configure-asa-00.html

Subnets on each side do not need NATting unless they are overlapping. Only if the peer IP address is behind the NAT device, then you need to configure the NAT-T option:

Info regarding nat-traversal:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/vpn_ike.html

https://supportforums.cisco.com/document/64281/how-does-nat-t-work-ipsec

Let me know if there are any questions.

-AJ
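The scenario from the question as an India-side configuration sketch, added here as an example and not taken from either poster or from the linked Cisco documents. It assumes a Cisco ASA running 8.4+ syntax with IKEv1, interfaces named `inside` and `outside`, and hypothetical object, ACL and crypto map names; every proposal value and the pre-shared key placeholder must be agreed with the Dallas peer, and the Dallas "NAT IP" is left out because the thread does not say what it translates.

```cisco
! Added example: India-side ASA (outside interface = VPN peer IP 202.41.204.4).
! Assumed: ASA 8.4+ syntax, interface names, object/ACL/crypto map names.
object network INDIA-LAN
 subnet 10.18.38.0 255.255.255.0
object network DALLAS-HOST
 host 10.194.8.20
!
! Interesting traffic: only this source/destination pair enters the tunnel.
access-list INDIA-DALLAS-VPN extended permit ip object INDIA-LAN object DALLAS-HOST
!
! Identity NAT: keeps 10.18.38.0/24 untranslated toward Dallas. Needed only
! when another NAT/PAT rule would otherwise translate this traffic.
nat (inside,outside) source static INDIA-LAN INDIA-LAN destination static DALLAS-HOST DALLAS-HOST no-proxy-arp route-lookup
!
! Phase 1 (IKEv1). Values are assumptions; use the strongest set that both
! peers and your ASA release support.
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 14
 lifetime 86400
crypto ikev1 enable outside
!
! NAT-T: relevant only if a peer sits behind a NAT device (20 s keepalive).
crypto isakmp nat-traversal 20
!
! Peer definition and pre-shared key (placeholder, never a real key here).
tunnel-group 162.92.191.36 type ipsec-l2l
tunnel-group 162.92.191.36 ipsec-attributes
 ikev1 pre-shared-key <PRE-SHARED-KEY>
!
! Phase 2 and crypto map binding.
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address INDIA-DALLAS-VPN
crypto map OUTSIDE-MAP 10 set peer 162.92.191.36
crypto map OUTSIDE-MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP interface outside
```

Once traffic matching the ACL is sent, `show crypto ikev1 sa` and `show crypto ipsec sa` show whether phase 1 and phase 2 came up; the Dallas side needs the mirror-image ACL and matching proposals.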