
ASA vpn nat question

I have an ASA 5520 ver 8.4 with the following config:

WAN: 207.211.25.34

Production: 10.11.12.1 255.255.255.0

Mgmt: 10.11.11.1 255.255.255.0

I need to create a peer-2-peer VPN to a remote site ASP16 from both Prod and Mgmt.

What would my NAT statement look like?

Currently I have the following but can only ping from Mgmt, not Prod (ASP17 is a network object group that contains the Prod and Mgmt subnets):

nat (Production,WAN) source static ASP17_VPN ASP17_VPN destination static ASP16 ASP16 no-proxy-arp route-lookup

nat (Mgmt,WAN) source static ASP17_VPN ASP17_VPN destination static ASP8_Prod ASP8_Prod

2 REPLIES

Hello Tejas,

The configuration for the NAT is the one required (no NAT on 8.4.2).

You will need to check if you have any ACL on the Prod interface that might be blocking that traffic.

Please rate helpful posts.

Regards,

Julio

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com

Hello Tejas,

After reading your configuration I can see that the crypto maps are applied to the outside interface, and the access list for the interesting traffic has both networks (Management and Production), so you should be able to access the other network from this site.

Can you do the following packet tracers to see the features the ICMP packet is hitting when the request is sent?

I will need the output of the following commands:

1. packet-tracer input Mgmt icmp 10.11.34.15 8 0 10.30.6.15

2. packet-tracer input Production icmp 10.11.35.15 8 0 10.30.6.15

Please rate helpful posts,

Julio!!

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
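
An added example, not part of the thread or either poster's code: a small Python check that parses the two twice-NAT statements from the question and lists the inside interfaces that have no identity (exemption) rule towards the remote object ASP16. The function names and the regex are assumptions for illustration, and only the `source static A A destination static B B` form shown in the question is handled.

```python
import re

# The two statements exactly as posted in the question.
CONFIG = """\
nat (Production,WAN) source static ASP17_VPN ASP17_VPN destination static ASP16 ASP16 no-proxy-arp route-lookup
nat (Mgmt,WAN) source static ASP17_VPN ASP17_VPN destination static ASP8_Prod ASP8_Prod
"""

# Matches only the twice-NAT form used on this page (assumption: one rule per line).
NAT_RE = re.compile(
    r"^nat \((?P<real_if>[^,]+),(?P<mapped_if>[^)]+)\) "
    r"source static (?P<src_real>\S+) (?P<src_mapped>\S+) "
    r"destination static (?P<dst_mapped>\S+) (?P<dst_real>\S+)"
    r"(?P<opts>(?: \S+)*)$"
)

def parse_nat(config):
    """Return one dict per twice-NAT line, with an 'identity' flag."""
    rules = []
    for line in config.splitlines():
        m = NAT_RE.match(line.strip())
        if not m:
            continue
        r = m.groupdict()
        r["opts"] = r["opts"].split()
        # Identity NAT: real and mapped objects are the same on both sides.
        r["identity"] = (r["src_real"] == r["src_mapped"]
                         and r["dst_mapped"] == r["dst_real"])
        rules.append(r)
    return rules

def exemption_gaps(config, inside_ifs, outside_if, local_obj, remote_obj):
    """List inside interfaces lacking an identity rule local_obj -> remote_obj."""
    covered = {
        r["real_if"] for r in parse_nat(config)
        if r["identity"] and r["mapped_if"] == outside_if
        and r["src_real"] == local_obj and r["dst_real"] == remote_obj
    }
    return [i for i in inside_ifs if i not in covered]

if __name__ == "__main__":
    for r in parse_nat(CONFIG):
        print(r["real_if"], "->", r["dst_real"], r["opts"])
    print("no exemption towards ASP16 on:",
          exemption_gaps(CONFIG, ["Production", "Mgmt"], "WAN", "ASP17_VPN", "ASP16"))
```

On the posted statements the check reports Mgmt, because that rule's destination object is ASP8_Prod rather than ASP16; whether that is intended depends on object definitions the thread does not show.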