Configure a VPN site-to-site on ASA5520 and use NAT

Answered Question
May 6th, 2008

I have to configure a site-to-site VPN. The VPN is already working, but some CEOs don't like how it's done, because one of the peer's subnets is 10.*.*.* and it matches my private subnet (10.*.*.*), so they want me to NAT my subnet. The site-to-site VPN is now configured with 10.X.X.X and the peer (4.4.X.X).

Has anyone done that before?

Correct Answer by JORGE RODRIGUEZ about 9 years 2 months ago

Priscilla,

This is a common practice when there are overlapping local networks when doing L2L VPNs. This is called Policy NAT, where either end NATs its internal IP scheme in its tunnel policy. Here is a link with an example of Policy NAT in L2L VPNs.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9950.shtml

HTH

-Jorge
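A sketch of the policy NAT approach described in the answer above, added here as an illustration and not taken from the thread or from the linked Cisco document. It assumes the pre-8.3 ASA NAT syntax in use when the thread was posted; all addresses, ACL names and the crypto map name are constructed placeholders.

```cisco
! Constructed values: local LAN 10.1.1.0/24, peer LAN 4.4.1.0/24,
! translated range 192.168.100.0/24 (must be unused at both sites).
! ACL and crypto map names are hypothetical.

! 1. Policy NAT ACL: match local hosts only when they talk to the peer LAN,
!    so Internet-bound and other traffic keeps its normal translation.
access-list POLICY-NAT extended permit ip 10.1.1.0 255.255.255.0 4.4.1.0 255.255.255.0

! 2. Static policy NAT: 10.1.1.x <-> 192.168.100.x, applied only to flows
!    matched by POLICY-NAT. Being static, it also lets the peer initiate
!    connections toward 192.168.100.x.
static (inside,outside) 192.168.100.0 access-list POLICY-NAT

! 3. Crypto ACL: NAT is applied before the crypto map is checked, so the
!    interesting traffic must be defined with the TRANSLATED source.
!    The peer mirrors this entry (4.4.1.0 -> 192.168.100.0) and never
!    sees the real 10.x addresses.
access-list L2L-CRYPTO extended permit ip 192.168.100.0 255.255.255.0 4.4.1.0 255.255.255.0
crypto map OUTSIDE-MAP 10 match address L2L-CRYPTO

! 4. NAT exemption (nat 0 access-list) is evaluated before static policy
!    NAT. If the working tunnel exempts this flow, remove that entry or the
!    traffic leaves untranslated and no longer matches L2L-CRYPTO.
no access-list NONAT extended permit ip 10.1.1.0 255.255.255.0 4.4.1.0 255.255.255.0

! 5. Verify after bringing the tunnel up:
!    show xlate             -> 10.1.1.x mapped to 192.168.100.x
!    show crypto ipsec sa   -> local ident 192.168.100.0/255.255.255.0
```

If `show crypto ipsec sa` still lists the 10.x network as the local ident, the flow is hitting a NAT exemption or the old crypto ACL entry rather than the policy NAT rule.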


JORGE RODRIGUEZ Tue, 05/06/2008 - 13:39