I have been trying real hard to figure this out but now I am wondering if it is possible at all. We have a customer who wants to set up an IPsec VPN tunnel with them to securely transfer files. The configuration is below:
FW (Tunnel endpoint)
ASA (Tunnel endpoint)-----Server (Private IP)
The tunnel is created fine but I can't pass any traffic to them and my suspicion is that it is due to NAT. We are NATing the private IP from our server to a public IP (static NAT), but the customer only will allow public IPs for our encryption domain, not the private IP that is actually in use. At the heart of this I believe this to be a routing problem (the customer's server doesn't know how to get back to our network and/or if it does come back, it isn't getting back to the correct private IP). I have tried exempting this traffic from NAT policies but can't seem to get any further in having traffic flow.
So my basic question here is: is this possible to do with this setup through the ASA, and if so, how?
Thanks for your input,