Nat and route question

dan_track
Level 1

Hi,

On my ASA firewall I've got a connection where I specify a static route for the destination IP of 10.138.24.228. However, I've now set up a VPN to the same location, but the destination IP I've been given is 10.92.24.228. The problem I have is our applications are written to connect to 10.138.24.228 and so if we lose this connection we would need to go down the VPN; however, given the VPN device is using different destination IPs, this won't work.

Can someone please show me how I can NAT the 10.92.24.228 IP so it is masked and shown as 10.138.24.228?

I imagine at the very least in a failover scenario I would have to manually change the static route to point towards the outside interface, i.e. the VPN, am I right?

Thanks

Dan


Jon Marshall
Hall of Fame

dan_track wrote:

Hi,

On my ASA firewall I've got a connection where I specify a static route for the destination IP of 10.138.24.228. However, I've now set up a VPN to the same location, but the destination IP I've been given is 10.92.24.228. The problem I have is our applications are written to connect to 10.138.24.228 and so if we lose this connection we would need to go down the VPN; however, given the VPN device is using different destination IPs, this won't work.

Can someone please show me how I can NAT the 10.92.24.228 IP so it is masked and shown as 10.138.24.228?

I imagine at the very least in a failover scenario I would have to manually change the static route to point towards the outside interface, i.e. the VPN, am I right?

Thanks

Dan

Dan

Assuming you want to NAT it so devices on the inside can send packets to 10.92.24.228 and they get NATted to 10.138.24.228?

static (outside,inside) 10.92.24.228 10.138.24.228 netmask 255.255.255.255

As for changing the static route, yes you would, but the ASA does support route tracking so you may be able to automate this. I say may because it would need testing.

One thing though, I'm assuming your current static route has a next-hop that is reachable from the ASA on a different interface than you want to apply the crypto map? If they are the same then the traffic will always activate the VPN.

Jon

Thanks Jon,

Sorry for the late reply. What I need is essentially the application to connect to 10.138.24.228 via the VPN, so that the application is totally unaware of the 10.92.24.228 IP.

Is that possible?

Thanks

Dan
