I have a conflicting network (192.168.20.x/24) that I need to connect to a peer with the same network on their end.
Our inside IP addresses are in the 10.x.x.x range, as well as some 192.168.x.x addresses. Now here is what I am trying to accomplish - hopefully someone can tell me if it is even possible:
I want to connect to 192.168.206.20, which will then be NAT'd in the firewall to be 192.168.20.20 as the destination IP. Then it will head over the VPN tunnel, where we show as a source IP of a publicly registered IP address (126.96.36.199 for this example).
Hopefully someone can follow my request - Cisco TAC couldn't seem to grasp what I was trying to do.
This will not work. From what I understand, your source IP is 192.168.206.20, which is NAT'd by the firewall to 192.168.20.20; however, the remote network that you are connecting to is also 192.168.20.20. You can't NAT the 192.168.20.20 once it's already been NAT'd, and then put it in the tunnel. If my understanding is not clear, please draw the topology out so it's a bit clearer, with IPs, etc.