Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

L2L VPN with NAT

I am having a problem setting up a L2L tunnel with a partner. I am using a ASA 5520 running 8.0.4.

Both sides of the tunnel are using the subnet 10.30.x.x/16. The network list on my side of the tunnel will have the nodes 10.0.194.1, 10.0.194.5, 10.0.194.10 and 10.0.194.11. I need to allow these four nodes thru the tunnel to communicate with the remote subnet 10.30.x.x/16. However, the 10.30.x.x/16 subnet also exists on my local network. How do I configure the tunnel to make this happen? Can I NAT before the tunnel? For example, could I route all traffic destined for this tunnel to the 172.16.32.x/24 subnet and when the ASA sees traffic destined for this subnet the ASA will perform the NAT and send it to the proper destination for this tunnel?

Would this config be the right way to go?

access-list PNAT1 extended permit ip 10.0.194.1/32 172.16.32.1/32

static (inside,outside) 10.30.20.1 access-list PNAT1

access-list PNAT5 extended permit ip 10.0.194.5/32 172.16.32.5/32

static (inside,outside) 10.30.20.5 access-list PNAT5

access-list PNAT10 extended permit ip 10.0.194.10/32 172.16.32.10/32

static (inside,outside) 10.30.20.10 access-list PNAT10

access-list cryptoACL extended permit ip 172.16.32.1/32 10.30.20.1/32

access-list cryptoACL extended permit ip 172.16.32.5/32 10.30.20.5/32

access-list cryptoACL extended permit ip 172.16.32.10/32 10.30.20.10/32

With this config, I would route traffic destined for the 172.16.32.x/24 subnet to the inside interface of our ASA and the ASA would encrypt and NAT the traffic to the 10.30.x.x/16 subnet.

Please help,

Thanks,

Keith

1 REPLY

Re: L2L VPN with NAT

133
Views
0
Helpful
1
Replies
CreatePlease to create content