11-26-2010 03:30 AM
OS - 8.3
vpn client pool - 10.10.10.0/24
Remote network across L2L - 20.20.20.0/24
The remote network (20.20.20.0/24) accepts traffic only from 30.30.30.0/24
I cannot use 30.30.30.0/24 as my dhcp pool because it is too small and I have a much wider userbase.
How do I do the translation to accomplish this?
11-26-2010 06:29 AM
Go through this and modify your configuration as needed.
11-26-2010 10:33 AM
I have already seen this. There is no translation required in the example shown whereas I need NAT translation.
I want vpn client pool (10.10.10.0/24) to translate to accepted IP by remote ASA (30.30.30.30/32) and no-nat tunnel to Remote ASA L2L(20.20.20.0/24)
12-01-2010 03:14 AM
I am stuck here. Any idea how to achieve this?
12-02-2010 06:40 AM
Hi,
The commands would be as below:
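! VPN client pool
object network POOL
 subnet 10.10.10.0 255.255.255.0
! Remote network behind the L2L tunnel
object network REM_L2L
 subnet 20.20.20.0 255.255.255.0
! Address the remote end accepts traffic from
object network NAT_IP
 host 30.30.30.30
nat (outside,outside) source dynamic POOL NAT_IP destination static REM_L2L REM_L2L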
This should NAT your VPN clients to 30.30.30.30 when accessing the remote L2L. I am assuming you have all the U-turning commands already in place based on the above document. Please note that the crypto ACL in this case would be:
Local ASA:
from 30.30.30.30 to 20.20.20.20/24
On remote end:
from 20.20.20.0/24 to 30.30.30.30.
On the split tunnel ACL for VPN client (if there is one), ensure to add the network 20.20.20.0/24.
Let me know how it goes!!
Cheers,
prapanch
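The supporting pieces the answer above describes in prose (U-turn permission, crypto ACLs on both ends, split-tunnel entry), written out as an added ASA 8.3 example that is not part of the original posts. The ACL names L2L_CRYPTO and VPN_SPLIT, the crypto map OUTSIDE_MAP with sequence 10, the group policy CLIENT_GP and the peer placeholder are hypothetical; substitute the names already present in your configuration.

```cisco
! Added example; all ACL, crypto map and group-policy names are hypothetical.
!
! --- Local ASA ---
! Allow traffic to enter and leave the same interface (hairpin / U-turn)
same-security-traffic permit intra-interface
!
! Crypto ACL matches the post-NAT source, because NAT is applied before
! the crypto ACL is evaluated
access-list L2L_CRYPTO extended permit ip host 30.30.30.30 20.20.20.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address L2L_CRYPTO
!
! Split-tunnel list for the VPN clients must include the remote L2L network
access-list VPN_SPLIT standard permit 20.20.20.0 255.255.255.0
group-policy CLIENT_GP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPN_SPLIT
!
! --- Remote ASA ---
! Mirror-image crypto ACL
access-list L2L_CRYPTO extended permit ip 20.20.20.0 255.255.255.0 host 30.30.30.30
!
! --- Verification on the local ASA ---
! Confirm the twice-NAT rule is hit and the SA carries the translated address
show nat detail
show crypto ipsec sa peer <remote-peer-ip>
```

If the translate hit counters in `show nat detail` stay at zero while clients are sending traffic, check that 20.20.20.0/24 is actually being tunnelled by the client before looking at the L2L side.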