LAN to LAN VPN with NAT --- Resolved!

Sep 2nd, 2010

Hi Everyone,

I am having issues with a L2L VPN that is set up and connected, however when traffic comes in from the other side of the tunnel it does not make it to the Inside network host that is being static NATed. The inside host 172.18.30.225 is being NATed to yyy.30.49.14 which is an IP Address on the DMZ Interface (yyy.30.49.0 255.255.255.240).

Here is the configuration:

object-group network NET-Tunnel
 network-object host xxx.220.129.134

access-list Tunnel-ACL extended permit ip host yyy.30.49.14 object-group NET-Tunnel

crypto map MAP_Tunnel 20 match address Tunnel-ACL

object network Tunnel-iServer-NAT
 host yyy.30.49.14
object network Tunnel-iServer-Host
 host 172.18.30.225

object network Tunnel-iServer-Host
 nat (Internal,DMZ) static Tunnel-iServer-NAT

I hope this is sufficient enough for someone to help me.

Thanks,

M

Version 8.3.1 ASA

Message was edited by: Network Operations

Correct Answer
lawchung Thu, 09/02/2010 - 09:59

Does the Internal host live on the DMZ network or Internal network? If it actually lives on the Internal network then you cannot NAT it to the DMZ interface and have it going out the outside Interface assuming the outside interface is the VPN termination interface. If you are terminating the VPN on the DMZ interface and the internal host lives on the Internal network then that is fine.

es-netops Thu, 09/02/2010 - 10:02

Hi, thanks for your reply.

The Internal host lives in the Internal and the tunnel terminates on the Outside interface. What should I do to make this work?

Thanks,

M

es-netops Fri, 09/03/2010 - 08:37

This thread can be closed. I moved the NAT from out of the DMZ to an IP that was bound to the inside.

It now works.

Mods. Please close this thread.

Thanks.
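
The interface-pair point from the accepted answer, shown as an added ASA 8.3 configuration sketch (not configuration posted in this thread; the poster's final working configuration is not shown). It assumes the VPN termination interface has the nameif Outside and that the mapped address stays yyy.30.49.14; the test ports are constructed values.

```cisco
! Before (from the question): the static translation is tied to the
! Internal/DMZ interface pair. Tunnel traffic enters and leaves on
! Outside, so this rule is never applied to it.
!   object network Tunnel-iServer-Host
!    nat (Internal,DMZ) static Tunnel-iServer-NAT
!
! After: remove the DMZ-bound rule ...
object network Tunnel-iServer-Host
 no nat (Internal,DMZ) static Tunnel-iServer-NAT
!
! ... and translate on the interface pair the tunnel traffic really
! crosses. Naming NET-Tunnel as the destination limits the translation
! to traffic for the remote peer network, so other flows from
! 172.18.30.225 are left untouched.
nat (Internal,Outside) source static Tunnel-iServer-Host Tunnel-iServer-NAT destination static NET-Tunnel NET-Tunnel
!
! The crypto ACL must keep matching the translated (post-NAT) source,
! which is what the existing yyy.30.49.14 entry already does.
!
! Checks: trace a packet from the real host toward the remote peer
! network and confirm the NAT phase shows the rewrite to yyy.30.49.14
! and a VPN encrypt phase follows (ports 1025 and 80 are constructed).
packet-tracer input Internal tcp 172.18.30.225 1025 xxx.220.129.134 80
!
! Hit counters on the new rule and encaps/decaps counters on the SA
! should both increase once the remote side sends traffic.
show nat detail
show crypto ipsec sa
```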
