12-08-2008 01:22 PM - edited 03-11-2019 07:22 AM
I have a new vpn tunnel that I would like to NAT to the internal network address space. The new tunnel is coming from 172.31.17.0 and the existing LAN on the ASA is 172.31.16.0 Is there a good solution to make the incoming tunnel hav a source address from the 172.31.16.0 network to access other resources?
Solved! Go to Solution.
12-08-2008 01:44 PM
Tom
Assuming it is a site-to-site VPN and assuming a spare IP address of 172.31.16.10
nat (outside) 2 172.31.17.0 255.255.255.0 outside
global (inside) 2 172.31.16.10
OR if you want to use the interface address
global (inside) 2 interface
Note i have used a nat-id of 2 in the example, just use a nat-id that is unused.
Jon
12-08-2008 01:27 PM
Tom
Is this a site-to-site VPN tunnel ?
Do you have a spare IP address in the 172.31.16.x subnet or do you want to use the inside interface address on the ASA ?
Jon
12-08-2008 01:38 PM
Jon,
I could use either. The interface is 172.31.16.1 or I could utilize an open IP on the inside.
Tom
12-08-2008 01:44 PM
Tom
Assuming it is a site-to-site VPN and assuming a spare IP address of 172.31.16.10
nat (outside) 2 172.31.17.0 255.255.255.0 outside
global (inside) 2 172.31.16.10
OR if you want to use the interface address
global (inside) 2 interface
Note i have used a nat-id of 2 in the example, just use a nat-id that is unused.
Jon
12-08-2008 02:14 PM
Jon,
Thanks for your help. This will work.
Tom
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide