Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
763
Views
0
Helpful
5
Replies

Moving L to L tunnel from 3000 concentrator to ASA 5510

Go to solution
forman102
Level 1
Level 1

‎08-31-2010 10:37 AM

Hello,

I'm looking into moving VPN Lan to Lan tunnel configuration from Cisco 3000 VPN concentrator to ASA 5510. I noticed that this particular configuration has NAT enabled in the concentrator (Config => Policy Management => Traffic Mgmt => NAT => L to L Rules)... there are 2 servers NATted to 192.168.1.1 and .2 addresses, so I need to do the same in ASA. What steps should I take to achieve the same config in ASA? Can this be done thru SDM?

thank you,

forman

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to manish arora

‎08-31-2010 12:30 PM

In ASDM => configuration => NAT Rules, I can create static rule from Inside interface to Inside int, and then create the tunnel using "translated address" or "translated network" as Local network in VPN config. Is it correct?

That is correct.

You should NAT the traffic of the VPN and define the VPN traffic from the translated addresses.

Federico.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎08-31-2010 10:38 AM

Hi,

I'm not sure if TAC has a tool that converts from VPN Concentrator to ASA.

I've always done them manually either via CLI or ASDM.

Federico.

0 Helpful

Go to solution
forman102
Level 1
Level 1
In response to Federico Coto Fajardo

‎08-31-2010 11:07 AM

Thanks Federico, but how would you define NAT statements for VPN tunnel in ASA? I can't find it in ASDM and don't have much experience to configure thru CLI. It seems that it was quite easy to do in the concentrator.

0 Helpful

Go to solution
forman102
Level 1
Level 1
In response to Federico Coto Fajardo

‎08-31-2010 12:01 PM

In ASDM => configuration => NAT Rules, I can create static rule from Inside interface to Inside int, and then create the tunnel using "translated address" or "translated network" as Local network in VPN config. Is it correct?

0 Helpful

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to manish arora

‎08-31-2010 12:30 PM

In ASDM => configuration => NAT Rules, I can create static rule from Inside interface to Inside int, and then create the tunnel using "translated address" or "translated network" as Local network in VPN config. Is it correct?

That is correct.

You should NAT the traffic of the VPN and define the VPN traffic from the translated addresses.

Federico.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents