I am in the process of configuring a tunnel between our company and an outside vendor. The outside vendor has our same address space in use on their network as well. We had this set up on our existing Nortel VPN equipment and it was working.
I have set up the tunnel as follows:
object-group network DM_INLINE_NETWORK_75
 network-object host 172.x.x.129
 network-object host 172.x.x.130
 network-object host 172.x.x.131
 network-object host 172.x.x.132
access-list outside_2_cryptomap extended permit ip object-group DM_INLINE_NETWORK_75 143.x.x.128 255.255.255.128
access-list inside_nat_static_1 extended permit ip host 10.x.x.136 143.x.x.128 255.255.255.128
access-list inside_nat_static_2 extended permit ip host 10.x.x.137 143.x.x.128 255.255.255.128
access-list inside_nat_static_3 extended permit ip host 10.x.x.138 143.x.x.128 255.255.255.128
access-list inside_nat_static_4 extended permit ip host 10.x.x.135 143.x.x.128 255.255.255.128