
NAT over VPN

We have a support provider that will only use public IP space for support. So, when using a VPN tunnel for this support, we'll need to configure NAT from the public address we give the provider to the private address of the device they access.

The only public space we have is the range that is assigned to the outside interface of the ASA. How can I configure an address from this range to be used in a NAT configuration over VPN?

The provider will initiate a support session over a tunnel to a public IP address, which I will then need to NAT to the private address.

 

3 REPLIES


Hi,

 

So all you need to do is NAT at your end to a public address. Say 10.0.0.10 is the host you are doing a static NAT to 12.123.123.2, and your destination network is 194.x.x.x.

Your crypto ACL should be mapped to the public IP address instead of the real address.

 

access-list crypto_acl extended permit ip host 12.123.123.2 host 194.x.x.x

!

So you need to have NAT statements and crypto_acl matching on the other side as well.

 

Regards

Karthik

New Member


Then what would the NAT statement look like for doing this over a tunnel in 8.3 code?
 


It would be something like

 

nat (inside,outside) source static <local ip / object name> <mapped ip/object name> destination static <destination real ip> <destination real ip> no-proxy-arp

 

You can either create an object and add objects, or do it by mentioning the IP.

 

Regards

Karthik
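
The pieces from the replies above assembled into one ASA 8.3+ configuration, as an added example that is not part of the original posts. The object names and the provider address 203.0.113.10 are placeholders (the thread gives the provider side only as 194.x.x.x); 10.0.0.10 and 12.123.123.2 are the sample addresses used in the first reply.

```cisco
! Constructed example, ASA 8.3+ syntax. Object names and 203.0.113.10 are
! placeholders; substitute the provider's real support host.
object network SUPPORTED-DEVICE-REAL
 host 10.0.0.10
object network SUPPORTED-DEVICE-MAPPED
 host 12.123.123.2
object network PROVIDER-SUPPORT-HOST
 host 203.0.113.10
!
! Twice NAT: 10.0.0.10 is presented as 12.123.123.2 only when the peer is the
! provider's host. The destination object is listed twice so it stays untranslated.
nat (inside,outside) source static SUPPORTED-DEVICE-REAL SUPPORTED-DEVICE-MAPPED destination static PROVIDER-SUPPORT-HOST PROVIDER-SUPPORT-HOST no-proxy-arp
!
! The crypto ACL references the mapped (public) address, because outbound
! traffic is translated before it is matched against the crypto map.
! Host-to-host entries keep the tunnel limited to the one supported device.
access-list crypto_acl extended permit ip host 12.123.123.2 host 203.0.113.10
!
! Checks from privileged EXEC once the tunnel is configured
! (TCP ports 12345 and 443 are constructed sample values):
!   show nat detail
!   packet-tracer input inside tcp 10.0.0.10 12345 203.0.113.10 443 detailed
```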
