Moving L to L tunnel from 3000 concentrator to ASA 5510

Answered Question
Aug 31st, 2010

Hello,

I'm looking into moving VPN Lan to Lan tunnel configuration from Cisco 3000 VPN concentrator to ASA 5510. I noticed that this particular configuration has NAT enabled in the concentrator (Config => Policy Management => Traffic Mgmt => NAT => L to L Rules)... there are 2 servers NATted to 192.168.1.1 and .2 addresses, so I need to do the same in ASA. What steps should I take to achieve the same config in ASA? Can this be done thru SDM?

thank you,

forman

I have this problem too.
0 votes
Correct Answer by Federico Coto F... about 6 years 3 months ago

In ASDM => configuration => NAT Rules, I can create static rule from Inside interface to Inside int, and then create the tunnel using "translated address" or "translated network" as Local network in VPN config. Is it correct?

That is correct.

You should NAT the traffic of the VPN and define the VPN traffic from the translated addresses.

Federico.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Federico Coto F... Tue, 08/31/2010 - 10:38

Hi,

I'm not sure if TAC has a tool that converts from VPN Concentrator to ASA.

I've always done them manually either via CLI or ASDM.

Federico.

forman102 Tue, 08/31/2010 - 11:07

Thanks Federico, but how would you define NAT statements for VPN tunnel in ASA? I can't find it in ASDM and don't have much experience to configure thru CLI. It seems that it was quite easy to do in the concentrator.

forman102 Tue, 08/31/2010 - 12:01

In ASDM => configuration => NAT Rules, I can create static rule from Inside interface to Inside int, and then create the tunnel using "translated address" or "translated network" as Local network in VPN config. Is it correct?

Correct Answer
Federico Coto F... Tue, 08/31/2010 - 12:30

In ASDM => configuration => NAT Rules, I can create static rule from Inside interface to Inside int, and then create the tunnel using "translated address" or "translated network" as Local network in VPN config. Is it correct?

That is correct.

You should NAT the traffic of the VPN and define the VPN traffic from the translated addresses.

Federico.

Actions

This Discussion