Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
497
Views
0
Helpful
1
Replies

Stablish Site to site between ASA behind NAT

onlinerecharge
Level 1
Level 1

‎03-05-2013 09:49 PM

Dear All,

We have a scnario  like 

LAN(20 Host)--------------------ASA(5510)-------------------------Internet router(Doing nat)-----------------Cloud-------------------ASA------------------------LAN(20 Host)

                         private ip inside       private ip out      private ip                    public ip                        public ip         private ip

                         192.168.170.0          10.10.10.1        10.10.10.2                  115.249.190.34             182.235.111.2    10.10.10.40      10.10.10.90

Now if i want to establish a site to site between asa to asa but internet router id already doing nat then how IPSEC will work?

Please suggest?

Labels:
0 Helpful
1 Reply 1

Jennifer Halim
Cisco Employee
Cisco Employee

‎03-07-2013 05:05 AM

If you have a spare public IP on the router, you can perform 1:1 static NAT on the router to the ASA outside interface IP.

If you don't have a spare public IP and would like to use the router interface IP, then you can perform static PAT on the router for UDP/500 and UDP/4500. Plus you would need to ensure that NAT-T is enabled on the ASA.

Hope that helps.

0 Helpful
Customers Also Viewed These Support Documents