Cisco Support Community

L2L VPN with source and destination NAT

Hello,

I am new to the ASA 8.4 and was wondering how to tackle the following scenario.

The diagram is

Customer ---->>> Firewall --->> L2L VPN --->> Me --->> MPLS ---> Server

The server is accessible by other tunnels in place but there is no NAT needed. For the tunnel we are talking about it is

The Customer connects the following way

Source: 198.1.1.1

Destination: 192.168.1.1

It gets to the outside ASA interface which should translate the packets to:

Source: 10.110.110.1

Destination: 10.120.110.1

On the way back, 10.120.110.1 should be translated to 192.168.1.1 only when going to 198.1.1.1

I did the following configuration, which I am not able to test until tomorrow during the migration:

object network obj-198.1.1.1
 host 198.1.1.1
object network obj-198.1.1.1
 nat (outside,inside) dynamic 10.110.110.1

For the inside to outside NAT depending on the destination:

object network Real-IP
 host 10.120.110.1
object-group network PE-VPN-src
 network-object host 198.1.1.1
object network Destination-NAT
 host 192.168.1.1
nat (inside,outside) source static Real-IP Destination-NAT destination static PE-VPN-src PE-VPN-src

The question is whether I should also create the following for the outside-to-inside flow NAT, or is the NAT done by the inside-to-outside statement even if the traffic is always initiated from the outside interface?

object network obj-192.168.1.1
 host 192.168.1.1
object network obj-192.168.1.1
 nat (outside,inside) dynamic 10.120.110.1

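The translation described in the post can also be written as a single twice NAT rule that ties the source and destination together. This is an added example, not part of the original post; the object name obj-10.110.110.1 is hypothetical, and the other objects reuse the names and addresses given above.

```cisco
! Constructed example in ASA 8.3+ NAT syntax, using the addresses from the post.
! obj-10.110.110.1 is a hypothetical object name.
object network obj-198.1.1.1
 host 198.1.1.1
object network obj-10.110.110.1
 host 10.110.110.1
object network Destination-NAT
 host 192.168.1.1
object network Real-IP
 host 10.120.110.1
!
! Twice NAT order of arguments: source <real> <mapped>, destination <mapped> <real>.
! The rule matches only packets from 198.1.1.1 to 192.168.1.1 arriving on outside:
!   source      198.1.1.1   -> 10.110.110.1  (dynamic PAT to a single host)
!   destination 192.168.1.1 -> 10.120.110.1  (static)
! Return packets of those connections are translated back through the same rule,
! so the server appears as 192.168.1.1 only to 198.1.1.1. Traffic from the other
! tunnels does not match the source/destination pair and is left untranslated.
nat (outside,inside) source dynamic obj-198.1.1.1 obj-10.110.110.1 destination static Destination-NAT Real-IP
!
! Checks to run after the first test connection:
!   show nat detail   (hit counters on the rule)
!   show xlate        (the translation built for the connection)
```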