03-13-2018 12:33 AM - edited 03-12-2019 05:06 AM
I have ASA 5520 with three interfaces (outside, inside, dmz)
i already have VPN site to site and works fine.
we need to change IP address of outside interface from public ip to private ip
i changes ip on the interface and modified default route rule and changed NAT rule as below:
old configuration:
interface GigabitEthernet0/0
ip address pub_ip 255.255.255.240
object network internet
nat (inside,outside) dynamic interface
object network local
nat (inside2,outside) dynamic interface
object network DMZ
nat (dmz2,outside) dynamic interface
route outside 0.0.0.0 0.0.0.0 Pub_ip_GW 1
New Configuration:
interface GigabitEthernet0/0
ip address Priv_ip 255.255.255.252
object network internet
nat (inside,outside) dynamic Pub_ip
object network local
nat (inside2,outside) dynamic Pub_ip
object network DMZ
nat (dmz2,outside) dynamic Pub_ip
route outside 0.0.0.0 0.0.0.0 Priv_ip_GW 1
inside clients were able to connect to internet, but VPN become down.
Note: ISP refuses doing any nat configuration from his side.
any help please
03-13-2018 12:46 AM
03-13-2018 07:29 AM
Could you please clarify more, if you have an example it will be great.
03-13-2018 08:24 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide