Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
491
Views
0
Helpful
5
Replies

NAT remote sites IP LAN 2 LAN

svanguilder
Level 1
Level 1

‎12-15-2008 02:19 PM - edited ‎02-21-2020 03:10 AM

I have a dilemma. We have a LAN 2 LAN with a remote site and I need somehow NAT their subnet with and address pool on my side so I can route this traffic elsewhere where there is a conflicting network. I have an ASA 5510 on this side and they are running a PIX something or another.

I can see where to create a pool but how can I tell the ASA to assign that pool to the addresses in that LAN 2 LAN?

0 Helpful
5 Replies 5

JORGE RODRIGUEZ
Level 10
Level 10

‎12-15-2008 02:45 PM

Are you refereing to overlaping private networks between the other side and yours? if so

Have a look here

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9950.shtml

Jorge Rodriguez
0 Helpful

Farrukh Haroon
VIP Alumni
VIP Alumni

‎12-15-2008 11:14 PM

L2L VPNs do not use 'pools'. You have to define the interesting traffic using Crypto Access-Lists. In case of NAT, you can put the translated IPs in the access-list as per the below example:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9950.shtml

And this is an example on IOS:

http://www.cisco.com/en/US/products/ps5855/products_configuration_example09186a0080a0ece4.shtml

Regards

Farrukh

0 Helpful

svanguilder
Level 1
Level 1
In response to Farrukh Haroon

‎12-16-2008 06:53 AM

Thanks for the replies! I understand what you are saying, I just used lousy wording. We already have the tunnel up and running, but found they need to access a server on a another connected network. I have routed VPN traffic to this server in the past, but we are running into overlapping network issues with this one so they can't route it back up to me. I was hoping to be able to NAT it on my device instead of theirs. Is that possible?

I can see that we would have to totally recreate the tunnel if we did it by the method shown in the documentation. This took a bit of time to get it working before and I don't want to recreate the tunnel if I don't have to.

0 Helpful

Farrukh Haroon
VIP Alumni
VIP Alumni
In response to svanguilder

‎12-17-2008 11:22 AM

In my humble opinion, it would be better to re-create the tunnel then go for some complex band-aid solution that will create troubleshooting errors and complexities in the future.

Regards

Farrukh

0 Helpful

svanguilder
Level 1
Level 1
In response to Farrukh Haroon

‎12-17-2008 11:43 AM

As much as I had hoped to avoid that, I am making arrangements to do just that. A guy can only hope there would be an easier way.

Thanks for help!!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card