NAT on VPN Tunnel Traffic

Unanswered Question

We have created a new VPN tunnel to a 3rd party site and must NAT the traffic. We already have VPN tunnels terminating on our ASA. I've listed below relevant parts of the configuration.

nat (inside) 0 access-list INSIDE_NAT0_OUTBOUND

nat (inside) 1 access-list INSIDE_NAT1_OUTBOUND

nat (inside) 2 0.0.0.0 0.0.0.0

access-list INSIDE_NAT0_OUTBOUND extended permit ip 10.0.0.0 255.0.0.0 10.192.0.0 255.255.0.0

access-list INSIDE_NAT1_OUTBOUND extended permit ip 10.0.0.0 255.0.0.0 192.168.1.0 255.255.255.0

access-list INSIDE_NAT1_OUTBOUND extended permit ip 172.28.0.0 255.255.0.0 192.168.1.0 255.255.255.0

global (outside) 1 10.231.0.225-10.231.0.254

global (outside) 2 interface

The access list assigned to the VPN is:

access-list 3rd-party-vpn extended permit ip 10.231.0.224 255.255.255.224 192.168.1.0 255.255.255.0

Basically, we want traffic from our 10.x.x.x and 172.28.x.x networks destined for 192.168.1.0 255.255.255.0 to be translated to 10.231.0.224/27. We have managed to establish a tunnel, but are unable to connect to resources on the 3rd party site.

Any suggestions on where I have gone wrong?

Many thanks

Mark

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
singhsaju Wed, 10/01/2008 - 05:18

Can you post output of "show crypto ipsec sa" for us?

HTH

Saju

Pls rate helpful posts

Actions

This Discussion