Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Moving L to L tunnel from 3000 concentrator to ASA 5510

Hello,

I'm looking into moving VPN Lan to Lan tunnel configuration from Cisco 3000 VPN concentrator to ASA 5510. I noticed that this particular configuration has NAT enabled in the concentrator (Config => Policy Management => Traffic Mgmt => NAT => L to L Rules)... there are 2 servers NATted to 192.168.1.1 and .2 addresses, so I need to do the same in ASA. What steps should I take to achieve the same config in ASA? Can this be done thru SDM?

thank you,

forman

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Moving L to L tunnel from 3000 concentrator to ASA 5510

In ASDM => configuration => NAT Rules, I can create static rule from Inside interface to Inside int, and then create the tunnel using "translated address" or "translated network" as Local network in VPN config. Is it correct?

That is correct.

You should NAT the traffic of the VPN and define the VPN traffic from the translated addresses.

Federico.

5 REPLIES

Re: Moving L to L tunnel from 3000 concentrator to ASA 5510

Hi,

I'm not sure if TAC has a tool that converts from VPN Concentrator to ASA.

I've always done them manually either via CLI or ASDM.

Federico.

New Member

Re: Moving L to L tunnel from 3000 concentrator to ASA 5510

Thanks Federico, but how would you define NAT statements for VPN tunnel in ASA? I can't find it in ASDM and don't have much experience to configure thru CLI. It seems that it was quite easy to do in the concentrator.

New Member

Re: Moving L to L tunnel from 3000 concentrator to ASA 5510

In ASDM => configuration => NAT Rules, I can create static rule from Inside interface to Inside int, and then create the tunnel using "translated address" or "translated network" as Local network in VPN config. Is it correct?

Re: Moving L to L tunnel from 3000 concentrator to ASA 5510

Re: Moving L to L tunnel from 3000 concentrator to ASA 5510

In ASDM => configuration => NAT Rules, I can create static rule from Inside interface to Inside int, and then create the tunnel using "translated address" or "translated network" as Local network in VPN config. Is it correct?

That is correct.

You should NAT the traffic of the VPN and define the VPN traffic from the translated addresses.

Federico.

545
Views
0
Helpful
5
Replies