I have been given a task to set up a site-to-site VPN tunnel between my site and an external vendor. The vendor wants the source IP to be a valid ISP IP instead of an internal address. My question: can I NAT the source at my end to the same IP which is acting as the VPN gateway (where the tunnel terminates in my ASA), i.e. NATting the source to the interface? Will that work?
My source IP: 10.10.10.123
ASA interface IP (acting as VPN GW for the site-to-site VPN): x.x.x.x
The vendor doesn't want to use the internal IP (in my case 10.10.10.123) to connect; instead he would like to use a public IP. My question is: if I NAT my source IP (10.10.10.123) to the same interface which is acting as VPN GW, will that work? Is this recommended?
You can use your VPN device's public IP address on the L2L VPN connection also, but you will have to be careful with the NAT configuration.
You would have to configure either Static PAT, Static Policy PAT or Static Policy NAT.
You should NOT configure Static NAT using the interface IP address (of the ASA?) or you will potentially cause problems with traffic forwarding.
If you have other free public IP addresses then you can naturally use them for the configurations also.
EDIT: As stated above, if this L2L VPN serves only connections from your site to the remote site then you probably won't need any additional NAT configuration, as the internal hosts' traffic should match the basic Dynamic PAT rule you have in place for any outbound traffic. If the remote site needs to form connections to your site then you would need one of the NAT configurations mentioned above.
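A sketch of the Static Policy PAT option named in the reply above, as an added example that is not part of the original post. It assumes ASA software 8.3 or later, interfaces named `inside` and `outside`, and constructed placeholders for the vendor network (192.0.2.0/24), the published service (TCP 443) and all object and ACL names.

```cisco
! Added example, not from the thread. Assumes ASA 8.3+ object-based NAT.
! Constructed placeholders: 192.0.2.0/24 = vendor network,
! TCP 443 = the one service the vendor needs to reach,
! x.x.x.x = the ASA outside interface IP, masked as in the post.
object network LOCAL-HOST
 host 10.10.10.123
object network VENDOR-NET
 subnet 192.0.2.0 255.255.255.0
object service SVC-HTTPS
 service tcp source eq 443
!
! Static Policy PAT: only TCP 443 on the interface address, and only for
! traffic to or from the vendor network, maps to 10.10.10.123.
! Other ports on the interface IP (IKE/IPsec, management) are left alone,
! which is the problem a plain Static NAT to the interface would cause.
nat (inside,outside) source static LOCAL-HOST interface destination static VENDOR-NET VENDOR-NET service SVC-HTTPS SVC-HTTPS
!
! The crypto ACL lists the translated (public) address as the local side,
! not 10.10.10.123.
access-list VENDOR-CRYPTO extended permit ip host x.x.x.x 192.0.2.0 255.255.255.0
```

On these versions the ASA translates the source before matching traffic against the crypto ACL, so the vendor's mirror ACL should also reference the public address rather than the internal one.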
If the VPN setup is on the ASA then I guess what your vendor is asking for is the IP of the Outside interface of your ASA (which is most likely a public IP or ISP-given IP). You do not require a NAT since it probably exists if your internal IPs (I assume 10.x.x.x range) have access to the internet. Let us know if my assumptions are not correct and then clarify.