site to site vpn natting

Unanswered Question
Jun 5th, 2008

Hi all, we have just had a router and ASA installed on our network. The ASA terminates site-to-site tunnels to our other buildings. If the router is already NATting to an internal address of the firewall, do we still need to do no NAT for the site-to-site traffic? How will this work?

carl_townshend Fri, 06/06/2008 - 05:18

Can you please explain this? Basically, we have a router with an internet IP; this then NATs an internet IP to a private address of the outside interface of the firewall. Would we have to turn NAT off for all outbound traffic? Also, what would we do with the site-to-site tunnel policy?

cowetacoit Fri, 06/06/2008 - 05:30

Check your NAT exemption rules. You should have a rule allowing your local internal address scheme to the remote ASA's internal IP scheme. This exempts NATing outbound to your remote site over the site-to-site tunnel.

Edit: I'm sorry, I didn't see that you were NATing with a router.
