We have created a new VPN tunnel to a 3rd party site and must NAT the traffic. We already have VPN tunnels terminating on our ASA. I've listed below relevant parts of the configuration.
nat (inside) 0 access-list INSIDE_NAT0_OUTBOUND
nat (inside) 1 access-list INSIDE_NAT1_OUTBOUND
nat (inside) 2 0.0.0.0 0.0.0.0
access-list INSIDE_NAT0_OUTBOUND extended permit ip 10.0.0.0 255.0.0.0 10.192.0.0 255.255.0.0
access-list INSIDE_NAT1_OUTBOUND extended permit ip 10.0.0.0 255.0.0.0 192.168.1.0 255.255.255.0
access-list INSIDE_NAT1_OUTBOUND extended permit ip 172.28.0.0 255.255.0.0 192.168.1.0 255.255.255.0
global (outside) 1 10.231.0.225-10.231.0.254
global (outside) 2 interface
The access list assigned to the VPN is:
access-list 3rd-party-vpn extended permit ip 10.231.0.224 255.255.255.224 192.168.1.0 255.255.255.0
Basically, we want traffic from our 10.x.x.x and 172.28.x.x networks destined for 192.168.1.0 255.255.255.0 to be translated to 10.231.0.224/27. We have managed to establish a tunnel, but are unable to connect to resources on the 3rd party site.
Any suggestions on where I have gone wrong?