I know how to configure a PIX or ASA for LAN-to-LAN IPsec VPN tunnels to allow the inside networks at each site to communicate through the tunnel. This requires defining an access list that identifies traffic from Site A to Site B so that it bypasses the NAT process (i.e. nat (inside) 0 access-list nonat).
Now I have a customer that needs an additional tunnel set up, where their internal private IPs must be NATed to a publicly routable address and then tunneled. Here are the remote site's VPN requirements.
Checkpoint NG w/AI version R60
Gateway IP: 12.5.XX.XX
Encryption: 3DES/MD5/DH Group 2/Disable Perfect Forward Secrecy
Preshared Key: TBD over the phone
IKE Phase 1 Timeout: 1440 minutes
IPSec Phase 2 Timeout: 3600 seconds
Host to access: 18.104.22.168/32 over TCP Port 23 (standard telnet)
"We will need you to NAT all your internal IPs to an external routable IP address.
That can either be the external interface of your firewall, or another publicly routable IP address on that network."
Can this be done with the ASA, and if so, how do you NAT before the IPsec process?
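Added example, not part of the original post: one common way to meet these requirements on an ASA running 7.x to 8.2 (pre-8.3 NAT syntax, matching the nat/global style in the question) is policy NAT to a single public address, with the crypto ACL written against the translated source. The inside network (10.1.1.0/24) and the NAT address (203.0.113.5) are constructed values; the peer IP and pre-shared key are placeholders.

```cisco
! Constructed values (not from the post):
!   10.1.1.0/24  = customer's inside network
!   203.0.113.5  = spare public address on the outside subnet, used as NAT source
!   <PEER-IP>    = Checkpoint gateway (12.5.XX.XX in the post)
!
! 1) Policy NAT: only traffic from the inside network to the remote telnet
!    host is translated, to one public address. Make sure the existing
!    "nonat" identity ACL does NOT also match this flow, because
!    nat 0 is evaluated first and would win.
access-list VPN-NAT extended permit ip 10.1.1.0 255.255.255.0 host 18.104.22.168
nat (inside) 2 access-list VPN-NAT
global (outside) 2 203.0.113.5
!
! 2) Crypto ACL: on the PIX/ASA, NAT runs before the crypto map is
!    evaluated, so the ACL must match the TRANSLATED source, not 10.1.1.0/24.
access-list VPN-CRYPTO extended permit tcp host 203.0.113.5 host 18.104.22.168 eq 23
!
! 3) Phase 1: 3DES / MD5 / DH group 2, 1440 minutes = 86400 seconds
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
tunnel-group <PEER-IP> type ipsec-l2l
tunnel-group <PEER-IP> ipsec-attributes
 pre-shared-key <KEY-AGREED-BY-PHONE>
!
! 4) Phase 2: 3600 second SA lifetime; PFS stays disabled simply by
!    not adding "set pfs" to the crypto map entry.
crypto ipsec transform-set CP-3DES-MD5 esp-3des esp-md5-hmac
crypto map OUTSIDE-MAP 20 match address VPN-CRYPTO
crypto map OUTSIDE-MAP 20 set peer <PEER-IP>
crypto map OUTSIDE-MAP 20 set transform-set CP-3DES-MD5
crypto map OUTSIDE-MAP 20 set security-association lifetime seconds 3600
crypto map OUTSIDE-MAP interface outside
```

After bringing the tunnel up, "show crypto ipsec sa" should list 203.0.113.5/32 as the local identity and 18.104.22.168/32 as the remote; if the local side shows the private network instead, the crypto ACL was written against pre-NAT addresses.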