Cisco Support Community
New Member

Outside interface non-routable address

Greetings all,

I am currently working with a vendor to get my ASA5520 set up to handle IPsec VPN connections for my clients and we are stumped with how to get the outside interface to respond to connections/requests.

I work for a state agency and our network connectivity is provided to us by another agency/department. The firewall I want to use for VPN connectivity has an outside address of 10.0.8.162, which is not routable outside the state's network. I have been assigned a set of public IP addresses for servers in my DMZ and I am wondering if it is possible to configure the ASA to utilize one of those public IP addresses for VPN communication. My DMZ network is set up as a local 192.168.10.0 network and the ASA is performing NAT translations to the corresponding public IP addresses.

I was toying around with the idea of putting in a NAT rule to translate one of the public IP addresses to the 10.0.8.162 outside interface, but I wasn't sure if that would work.

Thanks for all your help and feel free to let me know if I'm crazy and it's not going to work.

1 REPLY
Hall of Fame Super Silver

Outside interface non-routable address

You should try to get the other agency to assign a static NAT for your 10.0.8.162. Then your clients can point to that public IP and you will receive their requests intact with only your address changed to its real value.

I don't think you can "fool" the ASA into NATting its own outside address for traffic whose destination is the ASA itself (e.g., the IPsec VPN session establishment and maintenance).
