Cisco Support Community

NATing over MPLS and VPN.

Hi guys, I'm having a situation at work where we have an MPLS line coming in from one of our clients. At the moment that is working, and we are using static NAT rules on an ASA 5510 8.2 to NAT the MPLS addresses to specific services on our inside network that we supply to the client.

Now we have made a site-to-site VPN connection to the same client with the objective that if the MPLS line ever goes down the VPN takes over. We are using a floating static route with a higher metric to route the site-to-site VPN connection.

Now regarding the NATing for the site-to-site, if I create an exempt rule for the site-to-site VPN, this rule will interfere with the MPLS static NAT rules when the MPLS line is online.

How should I go about having the static rules for the MPLS line and switching to the "Exempt" NAT rule when the VPN takes over? Since I can't add the "Exempt" rule after the static rules, I'm out of ideas. Will a route-map solve the issue? I'm only CCNA cert, so I'm still a bit confused about route-maps.

At the moment the client has an address of 10.111.0.0/15 and 10.112.0.0/16. The MPLS lines are 172.23.190.10 at our firewall and 172.23.190.11 at the BT Router MPLS line, our Inside network is 192.168.44.0.24

At the moment we static NAT MPLS addresses like so: 172.23.190.100 >>> 192.168.44.100.

Many Thanks

PS: I am not using our real addresses of course; these were created randomly.
