Cisco Support Community

NAT on VPN Tunnel Traffic

We have created a new VPN tunnel to a 3rd party site and must NAT the traffic. We already have VPN tunnels terminating on our ASA. I've listed below relevant parts of the configuration.

nat (inside) 0 access-list INSIDE_NAT0_OUTBOUND

nat (inside) 1 access-list INSIDE_NAT1_OUTBOUND

nat (inside) 2 0.0.0.0 0.0.0.0

access-list INSIDE_NAT0_OUTBOUND extended permit ip 10.0.0.0 255.0.0.0 10.192.0.0 255.255.0.0

access-list INSIDE_NAT1_OUTBOUND extended permit ip 10.0.0.0 255.0.0.0 192.168.1.0 255.255.255.0

access-list INSIDE_NAT1_OUTBOUND extended permit ip 172.28.0.0 255.255.0.0 192.168.1.0 255.255.255.0

global (outside) 1 10.231.0.225-10.231.0.254

global (outside) 2 interface

The access list assigned to the VPN is:

access-list 3rd-party-vpn extended permit ip 10.231.0.224 255.255.255.224 192.168.1.0 255.255.255.0

Basically, we want traffic from our 10.x.x.x and 172.28.x.x networks destined for 192.168.1.0 255.255.255.0 to be translated to 10.231.0.224/27. We have managed to establish a tunnel, but are unable to connect to resources on the 3rd party site.

Any suggestions on where I have gone wrong?

Many thanks

Mark
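Added example, not part of the original post: a small Python check that replays the posted `nat`, `global` and `access-list` lines for a given flow and reports whether it would be exempted, or translated into a range the crypto ACL covers. It assumes pre-8.3 ASA ordering (NAT exemption is evaluated before policy NAT) and that the crypto ACL is matched against the translated source; the function names and test addresses are constructed for illustration.

```python
import ipaddress
import re

# Configuration lines copied from the post above.
CONFIG = """\
nat (inside) 0 access-list INSIDE_NAT0_OUTBOUND
nat (inside) 1 access-list INSIDE_NAT1_OUTBOUND
access-list INSIDE_NAT0_OUTBOUND extended permit ip 10.0.0.0 255.0.0.0 10.192.0.0 255.255.0.0
access-list INSIDE_NAT1_OUTBOUND extended permit ip 10.0.0.0 255.0.0.0 192.168.1.0 255.255.255.0
access-list INSIDE_NAT1_OUTBOUND extended permit ip 172.28.0.0 255.255.0.0 192.168.1.0 255.255.255.0
global (outside) 1 10.231.0.225-10.231.0.254
access-list 3rd-party-vpn extended permit ip 10.231.0.224 255.255.255.224 192.168.1.0 255.255.255.0
"""

ACE = re.compile(r"access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)")

def parse_acls(text):
    """Return {acl_name: [(src_net, dst_net), ...]} for 'permit ip' entries."""
    acls = {}
    for name, s, sm, d, dm in ACE.findall(text):
        pair = (ipaddress.ip_network(f"{s}/{sm}"), ipaddress.ip_network(f"{d}/{dm}"))
        acls.setdefault(name, []).append(pair)
    return acls

def matches(acl, src, dst):
    """True if any entry of the ACL permits src -> dst."""
    return any(src in s and dst in d for s, d in acl)

def check(text, src, dst, crypto_acl="3rd-party-vpn"):
    """Classify one inside -> remote flow against the NAT and crypto ACLs."""
    acls = parse_acls(text)
    # Map each NAT id to the ACL that selects traffic for it.
    nat = dict(re.findall(r"nat \(inside\) (\d+) access-list (\S+)", text))
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Assumption: exemption (nat 0) is checked first and leaves the source untranslated.
    if matches(acls[nat["0"]], src, dst):
        return "exempt"
    for nat_id, name in nat.items():
        if nat_id != "0" and matches(acls[name], src, dst):
            lo, hi = re.search(rf"global \(outside\) {nat_id} (\S+)-(\S+)", text).groups()
            ends = [ipaddress.ip_address(lo), ipaddress.ip_address(hi)]
            # Both ends of the pool must fall inside the crypto ACL source network.
            ok = all(matches(acls[crypto_acl], e, dst) for e in ends)
            return "encrypted" if ok else "translated-but-not-in-crypto-acl"
    return "no-policy-nat"

if __name__ == "__main__":
    for s in ("10.1.2.3", "172.28.5.5", "192.168.50.1"):  # constructed sources
        print(s, "->", check(CONFIG, s, "192.168.1.10"))
```
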

1 REPLY

Re: NAT on VPN Tunnel Traffic

Can you post output of "show crypto ipsec sa" for us?

HTH

Saju

Pls rate helpful posts
