Cisco Support Community

Site to site VPN

I have 2 ASDM 5510 connected with an IPsec site-to-site VPN tunnel.

Subnet A and Subnet B.

Subnet A is our main site and Subnet B is our resource site.

Here is our setting:

subnet A:

Outside interface- default ISP Internet

Inside interface - default local lan. 192.168.1.102/24

Subnet B

Outside interface (ISP Internet)

inside interface local lan 10.1.0.1/16

Now I want to redirect traffic that comes over the outside interface (internet) to a specific IP on [subnet A] (192.168.1.102) to an IP on [Subnet B] (10.1.0.1).

Is it possible?

Thanks


Accepted Solutions

Site to site VPN

Hi Bro

This cannot be achieved. I made a mistake by saying yes earlier, unless you were to use the DYNAMIC OUTSIDE NAT method. This method will complicate everything, and will mess up your whole Cisco FW configuration. I don’t know anyone that has done this before in my life.

The reason why this can't work is because, in the event an outside user were to access the Public IP that's mapped statically in Site A FW to 192.168.1.102, this traffic will then be routed to Site B FW via the existing site-to-site VPN, which won't work. This is because in your VPN ACL, the network addresses specified are only 192.168.1.0/24 and 10.1.0.0/24, and nothing else.

What I would suggest you do is perform a static NAT in Site B FW, and get all Internet users to speak to that Public IP Address instead. This makes things much easier and simpler.

P/S: If you think this comment is helpful, please do rate it nicely.

Warm regards, Ramraj Sivagnanam Sivajanam Technical Specialist/Service Delivery Manager – Managed Service Department
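The VPN ACL argument in the answer above can be checked mechanically. The following is an added example, not code or configuration from the thread: a simplified Python model of how a crypto ACL selects traffic for the tunnel, using the two networks the answer names. The client address 203.0.113.10, the LAN host 192.168.1.50 and the translated source 192.168.1.200 are constructed sample values, and the mirrored ACL at Site B is an assumption.

```python
import ipaddress

# VPN ACL ("interesting traffic") at Site A, using the networks named in the answer.
CRYPTO_ACL_SITE_A = [
    (ipaddress.ip_network("192.168.1.0/24"), ipaddress.ip_network("10.1.0.0/24")),
]

def mirror(acl):
    """Assumption: Site B's VPN ACL is the mirror image (source and destination swapped)."""
    return [(dst, src) for src, dst in acl]

def matches_crypto_acl(acl, src, dst):
    """Return True if the flow src -> dst is selected for encryption by the ACL."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in src_net and d in dst_net for src_net, dst_net in acl)

def check_round_trip(acl_a, src, dst):
    """A session only works if the request is selected at A and the reply at B."""
    return {
        "request_at_site_a": matches_crypto_acl(acl_a, src, dst),
        "reply_at_site_b": matches_crypto_acl(mirror(acl_a), dst, src),
    }

# Constructed sample flows, all destined to the Site B host 10.1.0.1.
FLOWS = {
    # Ordinary LAN-to-LAN traffic: both ends are inside the ACL.
    "site_a_lan_host": ("192.168.1.50", "10.1.0.1"),
    # Internet client after Site A rewrites only the destination: the source
    # is still a public address, so neither firewall selects the flow.
    "internet_client": ("203.0.113.10", "10.1.0.1"),
    # Same client if its source were also translated into Site A's LAN range
    # (the effect the answer attributes to dynamic outside NAT).
    "internet_client_source_translated": ("192.168.1.200", "10.1.0.1"),
}

def evaluate_all():
    """Evaluate every sample flow against the Site A ACL and its mirror."""
    return {name: check_round_trip(CRYPTO_ACL_SITE_A, src, dst)
            for name, (src, dst) in FLOWS.items()}

if __name__ == "__main__":
    for name, result in evaluate_all().items():
        print(f"{name}: {result}")
```

The second flow is the case the answer rules out: with only the destination rewritten, the Internet source address falls outside 192.168.1.0/24, so the request is not sent into the tunnel and Site B would not return the reply through it either.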