Hi. I have the following situation in my network. We have a need for users who connect to our site with VPN clients to connect to another site via an L2L tunnel. The problem is that I need to NAT the addresses from the VPN client pool to another range before going over the L2L tunnel, because on the other side we have overlapping networks.
I have been trying to do NAT along the following lines with little success:
ACL for NAT of VPN pool:
access-list TEST extended permit ip 192.168.253.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list TEST extended permit ip 192.168.253.0 255.255.255.0 192.168.5.0 255.255.255.0
global (outside) 15 172.20.105.1-172.20.105.254
nat (inside) 15 access-list TEST
access-list RO extended permit ip LAN 255.255.0.0 192.168.0.0 255.255.255.0
access-list RO extended permit ip LAN 255.255.0.0 192.168.5.0 255.255.255.0
access-list RO extended permit ip 172.20.105.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list RO extended permit ip 172.20.105.0 255.255.255.0 192.168.5.0 255.255.255.0
same-security-traffic permit intra-interface
Am I missing something here? Can something like this be done at all?
Thanks in advance for any help.
We are using ASA 5510 with software version 8.0(3)6.