nat issue

Answered Question
Oct 18th, 2008

While configuring easy vpn in nem mode with asa 5510 and a 1800 SERIES router,it has been said that intersting traffic should not be natted.How does this traffic goes to the internet with private ip addressing if the 2 sites are link by internet ?

example:

access-list no-nat extended permit ip 172.22.1.0 255.255.255.0 172.16.1.0 255.255.255.0

I have this problem too.
0 votes
Correct Answer by Jon Marshall about 8 years 1 month ago

The traffic is tunneled so the private IP addressing is never seen on the Internet. So the source and destination IP addresses of the packets when they are the Internet are the outside interface of the ASA and the outside interface of the 1800.

The IP header with the source and destination private IP addresses ie. 172.22.1.x & 172.16.1.x are only visble once the outer IP header has been removed and it is the ASA and 1800 that remove and add the outer IP header.

Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Jon Marshall Sat, 10/18/2008 - 14:33

The traffic is tunneled so the private IP addressing is never seen on the Internet. So the source and destination IP addresses of the packets when they are the Internet are the outside interface of the ASA and the outside interface of the 1800.

The IP header with the source and destination private IP addresses ie. 172.22.1.x & 172.16.1.x are only visble once the outer IP header has been removed and it is the ASA and 1800 that remove and add the outer IP header.

Jon

Actions

This Discussion