I have the following scenario:
net inside [220.127.116.11 / 24] ---------- [ASA5505] ------------ net outside [10.120.2.88 / 30] ----- ISP network
ASA5505 inside interface: 192.168.21.254
ASA5505 outside interface: 10.120.2.90
ASA5505 default gateway: 10.120.2.89
The public addresses offered by our ISP are [190.X.Y.88 / 29].
We don't have a router to connect the ISP ethernet port.
I configured some NATs:
global (outside) 1 190.X.Y.90 255.255.255.248
nat (inside) 1 192.168.21.0 255.255.255.0
with this commands we got Internet navigation to inside stations.
I configured a STATIC:
static (inside,outside) 190.X.Y.91 192.168.21.200 netmask 255.255.255.255
with this static and some access-list we got public services to Internet.
But we need to configure VPN Remote Access and L2L in the ASA5505.
How may I configure the interfaces, NAT or STATIC to get VPN access ?
The only way to terminate the VPN to the ASA is either two ways:
1. Termine the tunnel on an IP directly assigned to an interface on the ASA.
2. Terminate the tunnel on an public IP that can be redirected to the IP of the ASA.
There's no way to terminate the tunnel on an IP that is not mapped somehow to the interface of the ASA.