Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
622
Views
0
Helpful
4
Replies

Site-to-Site VPN with NAT in remote local LAN

Go to solution
David Babiano Rodriguez
Level 1
Level 1

‎02-05-2016 02:48 AM

Hi to all,

We have an ASA 5550 Firewall, it has configured some site-to-site VPN which are working properly.....

Now, we need configure a new one, but the remote IP range is the same than other local IP range in other VPN. Is there anyway for to configure a NAT to transform the remote IP range in an other diferent IP range??

I mean when this customer will try to access to our network. If his range is 192.168.1.X /24, I transform this in other IP range.........

Somebody can help me. Somebody can to give me some documentation o a link where will be explained this.

Thanks in advance.

Regards.
David.

  

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to David Babiano Rodriguez

‎02-08-2016 08:07 AM

David

Yes you want the customer to do at their end because it makes your life a lot simpler.

Can they not do it ?

Jon

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎02-05-2016 10:35 AM

David

If the all connections are made from the customer end then you just get them to NAT their source IPs to either a range or a single IP using dynamic NAT.

If you need to make connections from both sides you will need to do NAT on both ends and it will have to be static translations at both ends as well.

Either way the crypto map acls reference the IP(s) that you have used for NAT ie. not the real IPs. 

Jon

0 Helpful

Go to solution
David Babiano Rodriguez
Level 1
Level 1
In response to Jon Marshall

‎02-07-2016 11:24 PM

Hi Jon,

thanks for your reply, but what you are telling me is my question...

I know that I have got to make a NAT for the incoming connections, but I don't know how I can do this... If I will make a NAT for these connections, I will make for all connections in this interface, and in this interface there is other customer who has the same IP range but they are cennected by other L2L-VPN....

How I can to do for solve this?? Any idea?? Only it occurs to me that my customer will be who make the NAT for his connections.....

Thanks for all in advance.

Regards.

David.

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to David Babiano Rodriguez

‎02-08-2016 08:07 AM

David

Yes you want the customer to do at their end because it makes your life a lot simpler.

Can they not do it ?

Jon

0 Helpful

Go to solution
David Babiano Rodriguez
Level 1
Level 1
In response to Jon Marshall

‎02-22-2016 03:30 AM

Hi Jon, 

sorry for the delaying in my answer!! The customer's devices didn't support VPN.......... And they don't know how to make a site-to-site.........

I'm waiting because they must change their devices and today seems that they have changed it and seems that they have sombody managing their new device.

Thanks for all in advance and your last answer is the best for me because, as you as said, it makes my life easier......

Tahnks for all one more time.

Regards,

David.

0 Helpful
Customers Also Viewed These Support Documents