
VPN with NAT

marcio.tormente
Level 4

Hello Folks

I have a very strange topology, as you can see in the attached file.

I have a public IP range (/24) and my boss wants each client to make the VPN using one public IP, but on the ASA I have a private IP.

I believe that I have to make a NAT in the router to translate the /24 IP range to the private IP of the ASA interface. Am I correct?

I'm new to security; for this reason, I don't know how to do it or whether my analogy is correct.

Thanks

Marcio

3 Replies

Aditya Ganjoo
Cisco Employee

Hi Marcio,

Yes, you are correct.

You need a static one-to-one translation, something like this:

object network obj-192.x.x.x-24
 subnet 192.x.x.x 255.255.255.0
 nat (inside,outside) static 200.x.x.x

Regards,

Aditya

Hello Aditya,

Thanks for your support.

Your configuration is made on the ASA and uses only one public IP; I need the opposite.

Map one private IP (ASA interface) to the public IP range.

The traffic is from outside to inside on the router; in other words, the clients want to make site-to-site VPNs with the ASA using a different public IP for each VPN.

Just remember that the one that knows the public IP is the router.

If I make this configuration, is it correct?

interface fast0/0
ip add 200.x.x.1 255.255.255.0
ip nat outside
!
interface fast0/1
ip add 192.168.10.1 255.255.255.0
ip nat inside
!
ip nat pool ISP_RANGE 200.x.x.2 200.x.x.254
ip nat inside source route-map provider1-map pool ISP_RANGE
!
route-map provider1-map permit 10
match ip address 1
match interface fast0/0
!
access-list 1 permit host 192.168.10.3