NAT explanination

Unanswered Question
Aug 7th, 2012
User Badges:

Guys we have a LAN to LAN VPN....one of the client has follwoing IP



name 160.X.X.140 tic

crypto map clientmap 5 set peer 160.X.X.140

tunnel-group 160.X.X.140 type ipsec-l2l

tunnel-group 160.X.X.140 ipsec-attributes



crypto map clientmap 5 match address TIC-VPN-ACL

crypto map clientmap 5 set transform-set ESP-3DES-SHA


access-list TIC-VPN-ACL extended permit ip host 10.1.20.1 host 160.X.X.142 log warnings


So it means that tarffic initiate from our side (correct me if i am wrong)


static (External,Internal) 192.168.1.6 160.X.X.142 netmask 255.255.255.255


can some on explain this NAT statement


1- what does this NAT do if someone from inside network with ip address of 10.X network will it get translated to 192. address

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Karsten Iwen Wed, 08/08/2012 - 00:37
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 Firewalling, VPN

This static means that if someone enters the ASA from "External" with a real IP of 160.x.x.142, his source address gets translated to 192.168.1.6. The other way round, if someone comes from "Internal" and wants to reach the "External" destination-address of 192.168.1.6, that destination-address gets translated to 160.x.x.142.


This NAT-rule doesn't specify what to do with your 10.x source-address. For that there is probably another NAT-statement. Look for other "static ..."-commands and also for "nat (Internal) 0 ...".


-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Actions

This Discussion