
VPN Site to Site using private ip on outside interface

I have an ASA 5520 with three interfaces (outside, inside, dmz).

I already have a site-to-site VPN and it works fine.

We need to change the IP address of the outside interface from a public IP to a private IP.

I changed the IP on the interface, modified the default route rule, and changed the NAT rules as below:

Old configuration:

interface GigabitEthernet0/0
ip address pub_ip 255.255.255.240
object network internet
nat (inside,outside) dynamic interface
object network local
nat (inside2,outside) dynamic interface
object network DMZ
nat (dmz2,outside) dynamic interface
route outside 0.0.0.0 0.0.0.0 Pub_ip_GW 1

New configuration:

interface GigabitEthernet0/0
ip address Priv_ip 255.255.255.252
object network internet
nat (inside,outside) dynamic Pub_ip
object network local
nat (inside2,outside) dynamic Pub_ip
object network DMZ
nat (dmz2,outside) dynamic Pub_ip
route outside 0.0.0.0 0.0.0.0 Priv_ip_GW 1

Inside clients were able to connect to the internet, but the VPN went down.

Note: the ISP refuses to do any NAT configuration on their side.

Any help, please.

3 Replies

If the peer is changing to a private IP, then I am assuming that the NATting
is done by your provider. In this case I am assuming that your provider is
using dynamic NATted IPs. Therefore, you need to configure a dynamic map on
your ASA for the VPN to work. Limitation: traffic has to be initiated from
the site with the dynamic map.

Could you please clarify more? If you have an example, that would be great.