Cisco Support Community

New Member

L2L VPN - peer and private address is the same

We need to create an L2L tunnel with a provider but their standard is that they require us to PAT our internal segments\hosts (AKA "interesting traffic") to a public address. By that they mean an address in the same segment as the OUTSIDE interface of our firewall, even the Internet address itself.

Will that work on an ASA5520?

Any difference in the tunnel config?

Any comments?

4 REPLIES
Hall of Fame Super Blue

Re: L2L VPN - peer and private address is the same

Roni

Yes, it will work fine. The major change in the config is that the crypto map access-list that defines interesting traffic must use the NATed address and not the original source addresses.

Jon

New Member

Re: L2L VPN - peer and private address is the same

So you mean that the "interesting traffic" (source --> dst) will have to be PAT'ed to the outside (public) address of the firewall and this address is used in the crypto maps?

I was unable to find such an example online, but it makes sense that it will work.

Hall of Fame Super Blue

Re: L2L VPN - peer and private address is the same

Roni

You can NAT the interesting traffic to any address you like although the outside interface address is as good as any.

Yes, whatever address you choose you use that one in the crypto maps.

Jon
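
The setup described in the replies above, written out as an added example (not posted by anyone in the thread). It assumes the pre-8.3 ASA NAT syntax that matches the `static` command used in this thread; every address and object name is a constructed placeholder, and the ISAKMP policy and `crypto isakmp enable outside` are assumed to exist already.

```cisco
! Constructed values (documentation ranges), all assumptions:
!   inside LAN          10.10.10.0/24
!   ASA outside address 198.51.100.2  (local tunnel endpoint AND PAT address)
!   provider peer       203.0.113.1
!   provider host       203.0.113.50  (remote side of the interesting traffic)

! 1. Policy PAT: only traffic bound for the provider host is translated
!    to the outside interface address. Ordinary Internet PAT is untouched.
access-list VPN-PAT extended permit ip 10.10.10.0 255.255.255.0 host 203.0.113.50
nat (inside) 10 access-list VPN-PAT
global (outside) 10 interface

! 2. Crypto ACL: NAT is applied before the crypto map is evaluated, so the
!    source here is the translated address, not 10.10.10.0/24.
access-list VPN-CRYPTO extended permit ip host 198.51.100.2 host 203.0.113.50

! 3. These flows must NOT appear in a NAT exemption ACL
!    (nat (inside) 0 access-list ...). Exemption is processed before
!    policy PAT, so the traffic would leave untranslated and never
!    match VPN-CRYPTO.

! 4. Crypto map and tunnel group, same as any other L2L tunnel.
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address VPN-CRYPTO
crypto map OUTSIDE-MAP 10 set peer 203.0.113.1
crypto map OUTSIDE-MAP 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP interface outside

tunnel-group 203.0.113.1 type ipsec-l2l
tunnel-group 203.0.113.1 ipsec-attributes
 pre-shared-key <PRESHARED-KEY-PLACEHOLDER>

! 5. Checks after sending traffic from an inside host:
!      show xlate               -> PAT entries for 10.10.10.x on 198.51.100.2
!      show crypto ipsec sa     -> local ident 198.51.100.2/255.255.255.255
```

If `show crypto ipsec sa` lists a 10.10.10.x local ident, or no SA forms at all, the traffic is bypassing the policy PAT, usually because an exemption ACL still matches it.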

New Member

Re: L2L VPN - peer and private address is the same

Jon,

When the other side of the tunnel accesses my outside int of the firewall, how do I point this traffic to the internal host?

Is that it:

static (inside,outside) pubaddress internalhost netmask 255.255.255.255

So basically it's a regular VPN setting but the crypto maps have the public address, correct?

Do I need to nonat the traffic from my pub address to the other side?
