ASA issue transferring traffic between IPSEC encryption domains using NAT - please help!
I have been fighting this for longer than I would want to admit, so any help would be greatly appreciated.
Basically we need to connect a client via IPSEC to an ASA 5510 in Brazil and then using the same 5510 send that traffic source and destination NAT'd over another IPSEC tunnel that connects back to our data center in the US where the service the client needs is located.
Why don't we just connect directly from the client device to the US, you ask? Good question, and it involves the typical politics and sales promises.
I have attached a sanitized diagram of what we are trying to accomplish with the relevant configlets.
The IPSEC tunnel from the client to the ASA 5510 in Brazil is up. The IPSEC tunnel between Brazil and the US has not come up because I do not think the interesting traffic is making it there. The best I can tell is that NATing does not work how I would expect when all the traffic stays on the same interface and comes from an IPSEC tunnel.
I should note that we had no problem with the same setup when we did not have an IPSEC tunnel between the client and the 5510. We were able to source and destination NAT outside to outside and send the new translated IPs through the Brazil-US tunnel.