Tunnel one external IP by VPN to forward through the ASA

Unanswered Question
Aug 1st, 2013

Hi,

I've configured a remote access VPN that works fine.

Now I have a problem:

The IP address assigned to my outside interface is allowed by my customer's firewall to access its NATed server.

I would like the traffic addressed to the public IP of my customer and originating from the VPN to go inside the tunnel (I've already configured split tunneling to forward this traffic to my ASA) and, from the ASA, to reach the customer as if coming from my ASA interface.


I've tried it this way:


object network customer
 host 5.5.5.5
 nat (outside,outside) static 5.5.5.5

nat (inside,outside) source static inside_network inside_network destination static vpn_pool_address vpn_pool_address
nat (dmz,outside) source static dmz_network dmz_network destination static vpn_pool_address vpn_pool_address
nat (outside,outside) source static customer customer destination static vpn_pool_address vpn_pool_address


See attached image for scenario.


NETWORK ISSUE.JPG

giuseppe.turri Thu, 08/01/2013 - 05:09

I've tried, but it doesn't work.

From my client I have to telnet to the public IP address of my customer with my ASA outside IP address as the source.


Supposing 5.5.5.5 is the customer IP address, I've entered these commands:



same-security-traffic permit intra-interface

object network CUSTOMER
 host 5.5.5.5
 nat (outside,outside) dynamic interface

nat (inside,outside) source static CUSTOMER CUSTOMER destination static VPN_POOL VPN_POOL


Is it correct?
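
The usual ASA 8.3+ hairpin (U-turn) pattern for this requirement, as an added example that is not part of the original thread: the dynamic PAT is attached to the VPN pool object, which is the source of the traffic, rather than to the customer host. The names VPN_POOL, SPLIT_TUNNEL and RA_POLICY and the 10.10.10.0/24 pool subnet are placeholders; 5.5.5.5 is the example customer address used in the posts.

```cisco
! Placeholders (assumptions): VPN_POOL, SPLIT_TUNNEL, RA_POLICY, 10.10.10.0/24.
! 5.5.5.5 is the example customer address from the posts above.
!
! Allow traffic to enter and leave the same interface (outside -> outside).
same-security-traffic permit intra-interface
!
! Split tunnel: send traffic for the customer host into the VPN tunnel.
access-list SPLIT_TUNNEL standard permit host 5.5.5.5
group-policy RA_POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL
!
! PAT the VPN clients (the traffic source) to the outside interface address,
! so the customer firewall sees the ASA outside IP as the source.
object network VPN_POOL
 subnet 10.10.10.0 255.255.255.0
 nat (outside,outside) dynamic interface
!
! Checks to run while a VPN client telnets to 5.5.5.5:
! a PAT entry from the pool address to the outside interface should appear.
show xlate
show nat detail
show conn address 5.5.5.5
```

Because the PAT rule covers the whole pool, every VPN client reaches anything in the split-tunnel list with the ASA outside address as source, so keep that list limited to the hosts that need it.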
