I have multiple remote sites that manage their own networks. A lot of these remote sites carry the same private IP range (192.168.1.x). I am wanting to take specific traffic, in which i specify, and route it towards an ASA thats placed at the remote site. In that ASA I want to create a Lan-2-Lan tunnel to the head end (Central) site to where it can access it's destination IP's (servers, etc.).
The problem is, I need to NAT somewhere in the stream since there will be multiple remote sites with the same ip scheme. Therefore, I need to NAT them before they get to the head end site or I will struggle routing the traffic back to them. I'm not sure where the NAT needs to take place. I'm assuming I need to NAT it within the remote ASA before it traverses the outside connection (internet). And if this is the case, how do I do the nat in the asa in order to translate each remote site into it's own subnet?
Hopefully this makes sense!
Thanks again for all your help and knowledge! You guys are pretty amazing!
Thanks for the reply. So, to complicate things a bit unfortunately......is it possible to do the nat on the central side?
For instance I have two remote agencies coming in as follows:
site a 172.16.1.x is trying to access a server at the central site 10.x.x.50
site b 172.16.1.x is also trying to access that same server.
My problem, i believe, is when site A comes inbound from the remote side to my central site asa, I can NAT it to a unique subnet in which i could route to in my internal network. This part works. However When site b comes in (with the same local addresses), what prevents site b from getting nat'd to site a's IP address? And will it find its way back?
The only reason this is such an issue is that we do not have control of the remote agencies IP addresses nor do we have control of the remote equipment. And the personnel at the remote agencies aren't always super tech savvy. So i'm trying to find a way to which they have very little part in the configuration.
Any help you can offer or anyone for that matter, would be of great assistance!!
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :