site to site vpn natting

Jun 5th, 2008

Hi all, we have just had a router and ASA installed on our network. The ASA terminates site-to-site tunnels to our other buildings. If the router is already NATing to an internal address of the firewall, do we still need to do no NAT for the site-to-site traffic? How will this work?

carl_townshend Fri, 06/06/2008 - 05:18

Can you please explain this? Basically, we have a router with an internet IP; this then NATs an internet IP to a private address of the outside interface of the firewall. Would we have to turn NAT off for all outbound traffic? Also, what would we do with the site-to-site tunnel policy?

cowetacoit Fri, 06/06/2008 - 05:30

Check your NAT exemption rules. You should have a rule allowing your local internal address scheme to the remote ASA's internal IP scheme. This exempts NATing outbound to your remote site over the site-to-site tunnel.

Edit: I'm sorry, I didn't see that you were NATing with a router.
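
The NAT exemption rule described in the reply above, as an added configuration example that is not part of the original thread. It uses the ASA syntax of the period (before software 8.3); the subnets, the interface names `inside` and `outside`, and the names `NONAT`, `S2S` and `OUTSIDE_MAP` are constructed assumptions.

```cisco
! Constructed addressing (assumption):
!   local inside network : 192.168.10.0/24
!   remote inside network: 192.168.20.0/24

! Traffic between the two inside networks is exempted from NAT on the ASA,
! so it enters the tunnel with its real source address.
access-list NONAT extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
nat (inside) 0 access-list NONAT

! The crypto ACL names the same source/destination pair. If the exemption
! is missing, packets are translated first and no longer match this ACL.
access-list S2S extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address S2S

! All other outbound traffic from the inside network is still translated
! (here to the ASA's outside interface address).
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
```

The exemption concerns the inside addresses carried in the tunnel; it is configured on the ASA independently of how the upstream router translates the ASA's outside address.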

