good one ASA vpn concentrator conversion

Unanswered Question
Mar 30th, 2009

customer has vpn concentrator hanging off ASA dmz interface. Customer wants vpn tunnels moved to ASA. Hitch, the ASA has a static toward the dmz converting a 10 address to a 172 address before hitting concentrator so end point of tunnel refers to 172 address not 10 address. If I do the following should it work?

nat (inside) 99 access-list convert

global (outside) 99 172.x.x.x

access-list convert permit ip host 10.x.x.x host (other end of the tunnel)


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion