I'm hoping that someone can straighten me out. I don't have a ton of experience with ASA's and I've inherited one that I need to support. Currently it has several IPSec tunnels terminating on it. There is one tunnel that connects to an office with an network address conflict. To get around this, the previous administrator put a many-to-one NAT in place:
access-list vpntraffictonat extended permit ip 192.168.0.0 255.255.255.0 10.64.0.0 255.224.0.0
access-list vpntraffictonat extended permit ip 192.168.0.0 255.255.255.0 10.251.0.0 255.255.0.0
nat (data) 2 access-list vpntraffictonat
global (outside) 2 10.201.108.2
So all the remote PC's on 192.168.0.0 are only NAT'ed to192.168.108.2 when accessing resources on 10.64.0.0. Now they have requested the ability to connect to the remote PC's from 10.64.0.0. I assume that I need a Policy Static, so that I don't break traffic going over the other IPSec tunnels.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...