I have been asked to set up an IPSec site-to-site VPN with a company partner. They require that we NAT our internal hosts to a different network before sending across the tunnel. These same internal hosts need regular Internet access. I only want to NAT to a global address if the destination matches certain hosts or subnets. Otherwise, the address should be sent to regular outbound NAT overload.
Have the following networks needing "conditional" NAT:
Remote networks on the partner side are:
They've asked that we NAT our hosts to 10.29.96.x. They will then apply inbound filtering on 10.29.96.x.
Can anybody provide me with the needed access list(s) and NAT statement(s) for my side?
This is a Cisco ASA 5520 to Cisco ASA 5520 IPSec tunnel...
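A sketch of the conditional NAT described in the post above, added here as an example and not taken from the original thread. It assumes ASA 8.3 or later syntax, interfaces named `inside` and `outside`, and that 10.29.96.x is a /24; the object names and the 192.0.2.0/24 and 198.51.100.0/24 subnets are placeholders for the local and partner networks, which the post does not list.

```cisco
! Placeholder objects: substitute the real local and partner subnets.
object network LOCAL-REAL
 subnet 192.0.2.0 255.255.255.0
object network LOCAL-MAPPED
 subnet 10.29.96.0 255.255.255.0
object network PARTNER-NET
 subnet 198.51.100.0 255.255.255.0
!
! Twice NAT (section 1): translate the source to 10.29.96.x only when
! the destination is the partner network. Static net-to-net mapping
! requires the real and mapped subnets to be the same size.
nat (inside,outside) source static LOCAL-REAL LOCAL-MAPPED destination static PARTNER-NET PARTNER-NET
!
! Object NAT (section 2): all other traffic from the same hosts falls
! through to PAT overload on the outside interface.
object network LOCAL-REAL-PAT
 subnet 192.0.2.0 255.255.255.0
 nat (inside,outside) dynamic interface
!
! NAT is applied before the crypto map is evaluated, so the crypto ACL
! must match the translated source, not the real one.
access-list PARTNER-VPN extended permit ip object LOCAL-MAPPED object PARTNER-NET
```

Keeping the crypto ACL limited to the mapped range means only traffic that actually hit the policy NAT rule is encrypted toward the partner, which lines up with their inbound filter on 10.29.96.x.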