I need some help on configuring a VPN tunnel between 2 customer sites.
site1: 192.168.10.0 /24
site2: 10.10.14.0 /24
hosting network: 172.23.0.0 /24
Site1 has an MPLS connection to some hosting provider, which goes through a router that is on their 192.168.10.0 /24 subnet. The hosting provider will only allow IP addresses from the 192.168.10.0 /24 network to go through the MPLS to their hosting network.
However the situation now is, that we need Site2 to also be able to access the hosting network.
I need to configure a VPN tunnel from Site2 to Site1 with some kind of static NAT, that will allow Site2 to access the hosting network through the MPLS. Therefore the Site2 IP addresses (just a few) need to be translated in the VPN tunnel to some IP addresses that are available on Site1's subnet (192.168.10.0 /24).
The issue is of course that all has to be handled at layer 2 on site1.
Site2 (the few hosts) still have to be able to communicate with devices on Site1 and Site1 still has to be able to communicate with the few hosts on Site2.
I have accomplished some of this, as I am now able to communicate from a single host on site2 (10.10.14.102 - NAT'ed 192.168.10.240) to the hosts on site1. However traffic initiated from Site1 to the host on Site2 (192.168.10.240 - real 10.10.14.102) does not work.
I really hope someone can help me with this. I have pasted the relevant configuration from both ASAs that have gotten me so far.
access-list INSIDE_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 host 192.168.10.240
access-list RA_VPNNAT extended permit ip 192.168.10.0 255.255.255.0 host 192.168.10.240