VPN site to site with Nat before send packets

santiagohoyos · ‎05-20-2014

Hi,

We need to make a vpn with customer but the segment go our customer have it it's not same that out network address.

The simple network connection is :

VPN-IPSEC

PC ------------------- ASA -----------------------------Firewall custommer ---------------------- server

10.57.4.92 10.57.1.10 192.168.67.12

The information that our customer give us for make VPN is :

Our encryption domain : 192.168.50.10/32

Customer encryption domain : 192.168.67.12/32

The idea that I have is make a nat in ASA to change all traffic from 10.57.4.92 to 192.168.67.12 for 192.168.50.10 and this send to VPN.

the nat rule the i think setup is :

Setup VPN un my ASA and create this rule to route traffic

static (inside,outside) 192.168.50.10 10.57.4.192 netmask 255.255.255.255

I need you opinion about it or your idea to make it.

Thanks,

vpersaud001 · ‎06-03-2014

Hello... did you get this to work? The static statement you have will NAT all traffic from 10.57.4.192 (or .92 --typo?) to 192.168.50.10. To identify the destination you probably need an ACL in the static statement, something like:

access-list aclnat extended permit ip host 10.57.4.192 host 192.168.67.12
static (inside,outside) 192.168.50.10 access-list aclnat
For the site to site VPN crypto ACL use the NAT'ed IP 192.168.50.10.