I have like over 150 VPNs on my ASA 5520. One specific customer I am setting up a VPN with has an overlap with two of the IPs he needs to reach from his internal network. He is NATing his internal network to 10.251.11.177, so traffic getting to my ASA is presenting itself as 10.251.11.177 from the 10.251.11.176/29 network. Now the two IPs he needs to reach from his internal network are 10.1.254.200 and 10.1.254.201.
So, following some documentation on the Cisco website, I am trying to do Policy Based Routing on the ASA 5520 (my end) so that his traffic goes to 184.108.40.206 and 220.127.116.11 instead of 10.1.254.200 and 10.1.254.201. Once it reaches my ASA 5520 it gets translated back to those IPs.
I'm trying to use the following configuration, but when I try to add the static entries it won't let me add them. I even tried "static (outside,inside) 18.104.22.168 access-list POLICYNAT" with the ACL in reverse, but no use.
object-group network VPN-MAP
 network-object host 22.214.171.124
 network-object host 126.96.36.199
access-list POLICYNAT extended permit ip host 10.1.254.200 10.251.11.176 255.255.255.248
access-list POLICYNAT extended permit ip host 10.1.254.201 10.251.11.176 255.255.255.248