customer has vpn concentrator hanging off ASA dmz interface. Customer wants vpn tunnels moved to ASA. Hitch, the ASA has a static toward the dmz converting a 10 address to a 172 address before hitting concentrator so end point of tunnel refers to 172 address not 10 address. If I do the following should it work?
nat (inside) 99 access-list convert
global (outside) 99 172.x.x.x
access-list convert permit ip host 10.x.x.x host 188.8.131.52 (other end of the tunnel)
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...