nat issue

Answered Question
Oct 18th, 2008

While configuring Easy VPN in NEM mode with an ASA 5510 and an 1800 series router, it has been said that interesting traffic should not be NATed. How does this traffic go to the Internet with private IP addressing if the 2 sites are linked by the Internet?

example:

access-list no-nat extended permit ip 172.22.1.0 255.255.255.0 172.16.1.0 255.255.255.0

Correct Answer by Jon Marshall about 8 years 5 months ago

The traffic is tunneled so the private IP addressing is never seen on the Internet. So the source and destination IP addresses of the packets when they are on the Internet are the outside interface of the ASA and the outside interface of the 1800.


The IP header with the source and destination private IP addresses, i.e. 172.22.1.x & 172.16.1.x, is only visible once the outer IP header has been removed, and it is the ASA and 1800 that remove and add the outer IP header.


Jon



Overall Rating: 5 (1 ratings)
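
The encapsulation described in the answer above, as an added example that is not part of the original thread: a packet matching the no-nat ACL is wrapped whole in an outer IPv4/ESP header between the two outside interfaces, while any other packet is translated to the outside address. The outside addresses (documentation ranges), the SPI and all function names are assumptions, and the ESP payload is left unencrypted here so the inner header stays readable.

```python
import ipaddress
import struct

# Constructed values: documentation-range addresses stand in for the two
# outside interfaces; the networks come from the no-nat ACL in the question.
LOCAL_OUTSIDE, REMOTE_OUTSIDE = "203.0.113.1", "198.51.100.1"
NO_NAT_SRC = ipaddress.ip_network("172.22.1.0/24")
NO_NAT_DST = ipaddress.ip_network("172.16.1.0/24")
PROTO_ESP, PROTO_UDP = 50, 17

def checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal 20-byte IPv4 header (no options) plus payload."""
    s, d = (ipaddress.ip_address(a).packed for a in (src, dst))
    fields = (0x45, 0, 20 + len(payload), 0, 0, 64, proto)
    hdr = struct.pack("!BBHHHBBH4s4s", *fields, 0, s, d)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def parse(pkt: bytes):
    """Return (src, dst, proto, payload) of an option-less IPv4 packet."""
    src, dst = (str(ipaddress.ip_address(pkt[i:i + 4])) for i in (12, 16))
    return src, dst, pkt[9], pkt[20:]

def egress(inner: bytes, spi: int = 0x1000, seq: int = 1) -> bytes:
    """Decide what the local gateway puts on the Internet-facing wire."""
    src, dst, proto, payload = parse(inner)
    if ipaddress.ip_address(src) in NO_NAT_SRC and ipaddress.ip_address(dst) in NO_NAT_DST:
        # Exempt from NAT: the whole inner packet becomes the ESP payload.
        # Real ESP also encrypts it and appends padding and an ICV.
        esp = struct.pack("!II", spi, seq) + inner
        return ipv4(LOCAL_OUTSIDE, REMOTE_OUTSIDE, PROTO_ESP, esp)
    # Everything else is translated to the outside address (ports ignored).
    return ipv4(LOCAL_OUTSIDE, dst, proto, payload)

def decapsulate(outer: bytes) -> bytes:
    """Remote gateway: strip the outer IPv4 header and 8-byte ESP header."""
    _, _, proto, payload = parse(outer)
    if proto != PROTO_ESP:
        raise ValueError("not an ESP packet")
    return payload[8:]
```

Calling `parse(egress(pkt))` on a 172.22.1.x to 172.16.1.x packet shows only the two outside addresses and protocol 50; the private header reappears only after `decapsulate`.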
Jon Marshall Sat, 10/18/2008 - 14:33


