I am facing an issue with source-based NAT in a site-to-site VPN configuration.
We want to access the remote site server 10.67.1.5 from my end server 192.168.210.224. My server 192.168.210.224 needs to be NATed to 10.66.102.178 to go out to the remote site. We have done the below configuration, and VPN phase 1 and phase 2 are establishing fine, but we are not able to access the remote server 10.67.1.5. Phase 2 is establishing, and packets are only being encapsulated, not decapsulated. The remote site has the VPN terminating on a router, and phase 1 and phase 2 are establishing.
There is no NAT exemption configured. Appreciate urgent help to identify the issue...
We already have a lot of site-to-site tunnels up and running, but no tunnels with policy NAT.
config
--------
access-list acl-NI line 1 extended permit ip host 192.168.210.224 host 10.67.1.5 (hitcnt=0)
access-list acl-NI line 2 extended permit ip host 10.66.102.178 host 10.67.1.5 (hitcnt=2)

nat (inside) 2 192.168.210.224 255.255.255.255
global (outside) 2 10.66.102.178

crypto ipsec transform-set NI esp-3des esp-sha-hmac

crypto map ENOCMAP 22 match address acl-NI
crypto map ENOCMAP 22 set peer x.x.x.x
crypto map ENOCMAP 22 set transform-set NI
crypto map ENOCMAP 22 set security-association lifetime seconds 3600
crypto map ENOCMAP 22 set reverse-route
crypto map ENOCMAP interface outside

tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
 pre-shared-key *****