03-12-2009 03:04 PM - edited 02-21-2020 03:21 AM
Customer has the same remote networks as some of my local networks. What is the best way to apply NAT across the tunnel?
172.16.x.x
local 192.168.0.0
Remote 192.168.0.0
172.17.x.x
local 192.168.0.0
Remote 192.168.0.0
LAN on both sides has 192.168.0.0 /24
Currently, I have several tunnels that NAT networks and hosts to 10.50.70.10. I would like to understand how to properly NAT the tunnel traffic in the same manner using the ASA.
I've looked at documentation but it seems confusing.
Does anyone have a simple CLI config or ASDM example that may provide a working config I can play with?
Can I use the same NAT for multiple tunnels? This works on another device. It is like using PAT across the tunnel.
192.168.0.0 translated to 10.50.70.10
This isn't allowed in static policy NAT.
Whoever answers this will get ratings from the several hundred posts with the same questions.
03-12-2009 08:45 PM
Here is what I would do:
access-list NATVPN permit ip 192.168.0.0 255.255.255.0 172.17.0.0 255.255.255.0
ONE SIDE
static (inside,outside) 172.16.0.0 access-list NATVPN
The crypto ACL should look like:
access-list crypto permit ip 172.16.0.0 255.255.255.0 172.17.0.0 255.255.0.0
(OR HOWEVER THE MASK IS)
REMOTE SITE
access-list NATVPN permit ip 192.168.0.0 255.255.255.0 172.16.0.0 255.255.255.0
ONE SIDE
static (inside,outside) 172.17.0.0 access-list NATVPN
The crypto ACL should look like:
access-list crypto permit ip 172.17.0.0 255.255.255.0 172.16.0.0 255.255.0.0
Give that a shot.
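The packet flow that the reply above sets up, modeled in Python as an added example (not part of the original thread and not ASA configuration). The /24 mask on each mapped pool and the names `SITES`, `net_map` and `trace` are assumptions made for the illustration; the addresses are the ones used in the thread.

```python
import ipaddress as ipa

# Constructed model of the two ASAs: both LANs are really 192.168.0.0/24,
# site A is presented to the tunnel as 172.16.0.0/24, site B as 172.17.0.0/24.
SITES = {
    "A": {"real": ipa.ip_network("192.168.0.0/24"),
          "mapped": ipa.ip_network("172.16.0.0/24")},
    "B": {"real": ipa.ip_network("192.168.0.0/24"),
          "mapped": ipa.ip_network("172.17.0.0/24")},
}

def net_map(addr, src_net, dst_net):
    """Network-to-network static NAT: keep the host bits, swap the prefix."""
    addr = ipa.ip_address(addr)
    if addr not in src_net:
        raise ValueError(f"{addr} is not inside {src_net}")
    offset = int(addr) - int(src_net.network_address)
    return dst_net.network_address + offset

def trace(src_site, src_host, dst_addr):
    """Follow one packet from a real host at src_site toward the peer site.

    Returns None when the packet does not match the NATVPN policy ACL
    (real local source -> peer's mapped network), i.e. it is never
    translated and never becomes interesting traffic for the tunnel.
    """
    peer_site = "B" if src_site == "A" else "A"
    local, peer = SITES[src_site], SITES[peer_site]
    src, dst = ipa.ip_address(src_host), ipa.ip_address(dst_addr)
    if src not in local["real"] or dst not in peer["mapped"]:
        return None
    # Local ASA: policy static NAT rewrites the source before encryption,
    # so the crypto ACL has to be written with the mapped networks.
    wire_src = net_map(src, local["real"], local["mapped"])
    matches_crypto = wire_src in local["mapped"] and dst in peer["mapped"]
    # Peer ASA: its own static un-translates the destination to the real host.
    real_dst = net_map(dst, peer["mapped"], peer["real"])
    return {
        "on_wire": (str(wire_src), str(dst)),
        "delivered": (str(wire_src), str(real_dst)),
        "matches_crypto_acl": matches_crypto,
    }

if __name__ == "__main__":
    print(trace("A", "192.168.0.10", "172.17.0.20"))  # reaches B's .20 host
    print(trace("A", "192.168.0.10", "192.168.0.20"))  # stays local: None
```

Hosts on each side have to address the peer by its mapped range (172.16.0.x or 172.17.0.x); traffic sent to 192.168.0.x never matches the policy ACL and stays on the local LAN.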
03-16-2009 12:45 PM
I'm working on trying this out. I feel confident about it and will let you know my results.
Do you know of any way to force a subnet... for example 192.168.0.0 /24 to translate to a host... 10.70.50.2? This could be 172.17.0.2 as in the above issue. I'm looking to avoid the overlapping 192.168.0.0 networks.
Basically I'm looking for a many-to-one NAT/PAT to use across the tunnel.