Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA outside to inside

Hi all,

I have a requirement to setup a IPSEC tunnel to allow access to remote users to a subnet on inside. The same subnet is already in use elsewhere on the inside network. My vpn tunnel terminates on the ASA (7.2) on the outside interface. I want to NAT the source address of this traffic before it goes to inside.

My ASA is:

192.168.198.138/28 (outside)|ASA|(inside) 192.168.198.36/28

The traffic coming from the tunnel is 10.2.0.0/22 going to 10.172.152.64/27. My tunnel is up and running. How can I NAT/PAT this traffic?

Is this possible:

nat (outside) 5 access-list Site_A_VPN_IN outside
global (inside) 5 10.58.200.31

access-list Site_A_VPN_IN extended permit ip 10.2.0.0 255.255.252.0 10.172.152.64 255.255.255.224

Do I need to allow this on the ACL for the outside interface?

Any help would be appreciate.

Thanks

Stan.

Everyone's tags (1)
1 REPLY
Community Member

Re: ASA outside to inside

To answer my own question, it works and access list entry was not needed.

cheers

944
Views
0
Helpful
1
Replies
CreatePlease to create content