Hopefully this is the correct group to post this question; if it should be in the VPN group I can post there.
We are going to set up a L2L VPN with a vendor and they asked us to NAT a couple of IP addresses for remote access to a couple of servers on our inside network. Our device is an ASA 5580 with version 8.1 and we have a handful of public IP addresses for use if needed.
The vendor's remote network is a public IP address but for this posting I will use 192.168.10.0. Our inside servers are 10.100.10.20 and 10.100.10.30. Because 10.100.10 is in use with another customer they asked us to NAT 10.77.97.20 and 10.77.97.30 to the two inside servers. I'm comfortable with the VPN settings but I would appreciate guidance with the NAT configuration.
For this setup you need to configure policy NAT. With that, the translation depends on the remote network.
1) Configure an ACL describing the communication that has to be NATted (10.100.10.20 and 10.100.10.30 to the customer-network)
2) In your nat or static statement (static if the remote end needs to establish sessions to the server, nat if only your server establishes the connection) you use that ACL to restrict the NAT to only the defined communication.
The exact configuration is explained in the config-guide:
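The two steps above, written out for the addresses in the question as an added example (not part of the original reply and not taken from the config guide). It uses the pre-8.3 policy static syntax that applies to version 8.1. The interface names `inside`/`outside`, the ACL names, and the /24 mask on the vendor network are assumptions; the crypto map binding is left out.

```cisco
! Step 1: one ACL per server, matching only traffic from the real
! server address to the vendor network (mask assumed to be /24).
access-list POLICY-NAT-SRV20 extended permit ip host 10.100.10.20 192.168.10.0 255.255.255.0
access-list POLICY-NAT-SRV30 extended permit ip host 10.100.10.30 192.168.10.0 255.255.255.0

! Step 2: policy static NAT. The mapped address is used only when the
! traffic matches the ACL, so all other flows from the two servers are
! left untranslated. "static" is chosen because the vendor initiates
! sessions to the servers.
static (inside,outside) 10.77.97.20 access-list POLICY-NAT-SRV20
static (inside,outside) 10.77.97.30 access-list POLICY-NAT-SRV30

! NAT is applied before encryption, so the crypto ACL for the L2L
! tunnel has to match the mapped addresses, not the real ones.
! Keeping it host-specific limits the tunnel to the two servers.
access-list VPN-VENDOR extended permit ip host 10.77.97.20 192.168.10.0 255.255.255.0
access-list VPN-VENDOR extended permit ip host 10.77.97.30 192.168.10.0 255.255.255.0

! Checks after the tunnel is up (192.168.10.5 is a constructed host
! in the vendor range):
!   show xlate
!   packet-tracer input inside tcp 10.100.10.20 1025 192.168.10.5 443 detailed
```

The vendor's side then defines its crypto ACL as the mirror image, with 10.77.97.20 and 10.77.97.30 as the remote hosts.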