Please see the attached config file for more info.
I want to be able to NAT the computer at 184.108.40.206 (fe0 on 851) to a 10.80.125.216/29 address and allow it to go across the vpn tunnel to the computer at 10.20.127.21.
The crypto map on the 851 allows 10.80.125.216/29 to 10.20.127.0/24 and vice versa on the cisco ASA at the other end.
I changed the ip's for posting purposes but the rest of the config is pretty much the same.
I know the config is missing all the NAT entries and thats why I'm posting this. Can someone help me out with the appropriate NAT commands and tell me if this is even possible.
This vpn tunnel is to a 3rd party and whateve addressing we use on our end they cannot initiate the tunnel. I can always initiate the tunnel from my end but never get any response from such tests a ping, trace, https, http, telnet etc.
If we use a private addressing of 10.80.125.216/29 on OUR side, it mysteriously works. They wanted us to use 10.80.125.216/29 initiatlly but its not part of our network structure.
We are pretty sure its a routing issue on THEIR end but can't be 100% certain :>).
I'd like to see if I can get this NAT scenario working to solve this issue.
Hopefully I supplied enough info, but send me a message if not.
On a PIX or ASA this is relatively simple - on a router I'm not 1005.....but you could try creating a specific pool of addresses that contain only 1 or 2 IP addresses. Then configure an extended acl for the source of 220.127.116.11 and the destination of the remtoe /24 subnet.
Then create a NAT rule using the acl and the pool. Also create a no-nat so that the host can still browse the web. When you write the interesting VPN acl - don't forget to use the NATT'd IP not the real IP.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :