NAT remote sites IP LAN 2 LAN

Unanswered Question
Dec 15th, 2008

I have a dilemma. We have a LAN 2 LAN with a remote site and I need to somehow NAT their subnet with an address pool on my side so I can route this traffic elsewhere where there is a conflicting network. I have an ASA 5510 on this side and they are running a PIX something or another.

I can see where to create a pool but how can I tell the ASA to assign that pool to the addresses in that LAN 2 LAN?

Farrukh Haroon Mon, 12/15/2008 - 23:14

L2L VPNs do not use 'pools'. You have to define the interesting traffic using Crypto Access-Lists. In case of NAT, you can put the translated IPs in the access-list as per the below example:

And this is an example on IOS:
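
An added illustration of the approach in the reply above (not part of the original post, and not the example it refers to): policy static NAT on an ASA running pre-8.3 software, with the crypto access-list written against the translated addresses. All subnets, the peer address, the object names and the key placeholder are constructed for this sketch.

```text
! Constructed addressing (assumptions, not from the thread):
!   real local LAN        192.168.1.0/24  (overlaps with a network on the far side)
!   translated local LAN  10.10.1.0/24    (what the peer sees and routes back to)
!   remote LAN            10.20.1.0/24
!   peer public address   203.0.113.2

! 1. Policy NAT match: real local source, only when destined to the remote LAN.
access-list POLICY-NAT extended permit ip 192.168.1.0 255.255.255.0 10.20.1.0 255.255.255.0

! 2. 1:1 network translation applied only to traffic matching POLICY-NAT.
!    Do not also list this flow in a "nat (inside) 0 access-list" exemption:
!    NAT exemption is evaluated first and would bypass the translation.
static (inside,outside) 10.10.1.0 access-list POLICY-NAT

! 3. Interesting traffic is defined on the TRANSLATED source, because the ASA
!    translates the packet before it checks the crypto ACL.
access-list L2L-CRYPTO extended permit ip 10.10.1.0 255.255.255.0 10.20.1.0 255.255.255.0

! 4. Tunnel definition referencing that crypto ACL.
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address L2L-CRYPTO
crypto map OUTSIDE-MAP 10 set peer 203.0.113.2
crypto map OUTSIDE-MAP 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE-MAP interface outside

tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 pre-shared-key <PLACEHOLDER-KEY>

! The peer's crypto ACL must be the mirror image:
!   permit ip 10.20.1.0 255.255.255.0 10.10.1.0 255.255.255.0
! Verify with "show xlate" (translation built) and "show crypto ipsec sa"
! (local ident should show 10.10.1.0, not 192.168.1.0).
```

Because the crypto ACL on both ends changes, the existing security associations have to be torn down and renegotiated, which is why the thread treats this as recreating the tunnel.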



svanguilder Tue, 12/16/2008 - 06:53

Thanks for the replies! I understand what you are saying, I just used lousy wording. We already have the tunnel up and running, but found they need to access a server on another connected network. I have routed VPN traffic to this server in the past, but we are running into overlapping network issues with this one so they can't route it back up to me. I was hoping to be able to NAT it on my device instead of theirs. Is that possible?

I can see that we would have to totally recreate the tunnel if we did it by the method shown in the documentation. This took a bit of time to get it working before and I don't want to recreate the tunnel if I don't have to.

Farrukh Haroon Wed, 12/17/2008 - 11:22

In my humble opinion, it would be better to re-create the tunnel than go for some complex band-aid solution that will create troubleshooting errors and complexities in the future.



svanguilder Wed, 12/17/2008 - 11:43

As much as I had hoped to avoid that, I am making arrangements to do just that. A guy can only hope there would be an easier way.

Thanks for the help!!

