NATing over Site-to-Site

Jon Marshall Wed, 12/03/2008 - 09:00

Ofir


Your crypto map access-list needs to use the NATed IP of your server and not the real IP, e.g.


remote network = 172.16.5.0/24

server real address = 192.168.5.1

ASA outside interface = 195.177.12.1


access-list vpntraffic permit ip host 195.177.12.1 172.16.5.0 255.255.255.0


The above is what your crypto access-list should look like. At the remote end it should be:


access-list vpntraffic permit ip 172.16.5.0 255.255.255.0 host 195.177.12.1


Jon

Jon Marshall Wed, 12/03/2008 - 09:35

"remote network is /32 - does it change anything (other than the mask)?"


No, mine was just an example; change to fit your scenario.


"when you refer to server real address that is myServer or the other side?"


Your server that you are NATing.


Jon
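
The check described in the replies above, as an added example that is not part of the original posts: a small Python audit of the two crypto access-list lines, confirming that the local ACL matches the NATed address rather than the real one and that the remote ACL is its mirror image. The function names are hypothetical, only the simple "permit ip" form shown in the thread is parsed, and the addresses are the example values from the first reply.

```python
import ipaddress
import re

# Address spec as used in the thread: "host A.B.C.D" or "A.B.C.D MASK".
SPEC = r"(host\s+\S+|\d+\.\d+\.\d+\.\d+\s+\d+\.\d+\.\d+\.\d+)"
ACL_RE = re.compile(rf"^access-list\s+(\S+)\s+permit\s+ip\s+{SPEC}\s+{SPEC}\s*$")

# Example values from the thread (not a real deployment).
REAL_IP = "192.168.5.1"
NATTED_IP = "195.177.12.1"
LOCAL = "access-list vpntraffic permit ip host 195.177.12.1 172.16.5.0 255.255.255.0"
REMOTE = "access-list vpntraffic permit ip 172.16.5.0 255.255.255.0 host 195.177.12.1"

def to_network(spec):
    """Turn 'host X' or 'NET MASK' into an ipaddress network object."""
    parts = spec.split()
    if parts[0] == "host":
        return ipaddress.ip_network(parts[1] + "/32")
    return ipaddress.ip_network(f"{parts[0]}/{parts[1]}")

def parse_acl(line):
    """Return (source, destination) networks of one crypto ACL line."""
    m = ACL_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported ACL line: {line!r}")
    return to_network(m.group(2)), to_network(m.group(3))

def check_crypto_acls(local_line, remote_line, real_ip, natted_ip):
    """List mismatches that would keep NATed traffic out of the tunnel."""
    problems = []
    l_src, l_dst = parse_acl(local_line)
    r_src, r_dst = parse_acl(remote_line)
    if ipaddress.ip_address(real_ip) in l_src:
        problems.append("local ACL source matches the real address, not the NATed one")
    if ipaddress.ip_address(natted_ip) not in l_src:
        problems.append("local ACL source does not cover the NATed address")
    if (r_src, r_dst) != (l_dst, l_src):
        problems.append("remote ACL is not the mirror image of the local ACL")
    return problems

if __name__ == "__main__":
    for p in check_crypto_acls(LOCAL, REMOTE, REAL_IP, NATTED_IP) or ["ACLs are consistent"]:
        print(p)
```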
