NAT on VPN Tunnel Traffic

Unanswered Question
Oct 1st, 2008
User Badges:

We have created a new VPN tunnel to a 3rd party site and must NAT the traffic. We already have VPN tunnels terminating on our ASA. I've listed below relevant parts of the configuration.



nat (inside) 0 access-list INSIDE_NAT0_OUTBOUND

nat (inside) 1 access-list INSIDE_NAT1_OUTBOUND

nat (inside) 2 0.0.0.0 0.0.0.0


access-list INSIDE_NAT0_OUTBOUND extended permit ip 10.0.0.0 255.0.0.0 10.192.0.0 255.255.0.0


access-list INSIDE_NAT1_OUTBOUND extended permit ip 10.0.0.0 255.0.0.0 192.168.1.0 255.255.255.0

access-list INSIDE_NAT1_OUTBOUND extended permit ip 172.28.0.0 255.255.0.0 192.168.1.0 255.255.255.0


global (outside) 1 10.231.0.225-10.231.0.254

global (outside) 2 interface


The access list assigned to the VPN is:


access-list 3rd-party-vpn extended permit ip 10.231.0.224 255.255.255.224 192.168.1.0 255.255.255.0



Basically, we want traffic from our 10.x.x.x and 172.28.x.x networks destined for 192.168.1.0 255.255.255.0 to be translated to 10.231.0.224/27. We have managed to establish a tunnel, but are unable to connect to resources on the 3rd party site.


Any suggestions on where I have gone wrong?


Many thanks

Mark

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
singhsaju Wed, 10/01/2008 - 05:18
User Badges:
  • Silver, 250 points or more

Can you post output of "show crypto ipsec sa" for us?


HTH

Saju

Pls rate helpful posts

Actions

This Discussion