good one ASA vpn concentrator conversion

Unanswered Question
Mar 30th, 2009
User Badges:

customer has vpn concentrator hanging off ASA dmz interface. Customer wants vpn tunnels moved to ASA. Hitch, the ASA has a static toward the dmz converting a 10 address to a 172 address before hitting concentrator so end point of tunnel refers to 172 address not 10 address. If I do the following should it work?

nat (inside) 99 access-list convert

global (outside) 99 172.x.x.x

access-list convert permit ip host 10.x.x.x host (other end of the tunnel)


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion