I have an ASA which connects to a BT Inifinty router. The address on the outside interface is dynamic. BT provide us with 5 static addresses (No NAT 5) which are routed to the outside interface but are a different subnet.
I would like to terminate the site to site VPN using one of the static IP addresses rather than the outside dynamic address.
Can I NAT the public static address to the DMZ interface (or any interface for that matter) and terminate the VPN on that interface i.e. the firewall is terminated through the firewall?
Update: A few people have looked but no answer. Is there some detail I need to add?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...