It's my first time posting here and I'm not an expert in Cisco products, so please bear with me.
I have this problem with our site-to-site VPN: our client wanted us to make a NAT with our current network setup because it is very hard for them to make adjustments. So basically our network layout is that we have a local network with multiple VLANs and subnets; we have local IP subnets of 172.1.X.0/24.
LocalLAN - CORESwitch - ASA 5524 - Internet (172.1.x.0/24) (126.96.36.199) (Inside: 188.8.131.52) (Outside: 184.108.40.206) (not real IPs)
Now our clients need us to use any of the 10.11.x.0/24 subnets for the site-to-site VPN. They asked us to create a NAT translating my 172.1.x.0/24 network to 10.11.x.0/25 to initiate the VPN. My question is, given my current network setup, where do I set up NAT? I know this is possible on some versions of Cisco's layer 3 switches, but the one that we have does have this feature. I know that the ASA firewall can do NATting, but I'm not so sure of the steps to do it. Your help will be greatly appreciated.
So you need to first set up a site-to-site VPN. We define incoming traffic as "interesting" with an access-list and then call that access-list with a crypto map to make it get encrypted and directed to the remote peer IP address.
Most often we exempt the "interesting" traffic from NAT. However when you do want to change it (as in your case) we also can do this NAT on the ASA. We create an object for your local networks and an associated NAT rule for traffic destined for the partner's network(s).
There's a pretty good example of this type of use case on this page: link. If you're using ASA 8.3 or higher, the NAT commands would need to be adjusted to account for the newer syntax.
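
The approach described in the answer above, sketched in ASA 8.3+ syntax as an added example that is not part of the original thread. The interface names (`inside`, `outside`), the object and ACL names, the crypto map name and sequence number, the choice of 172.1.10.0/24 and 10.11.10.0/24 as one equal-sized subnet pair, and the partner network 192.0.2.0/24 are all assumptions to be replaced with the real values.

```cisco
! Real local subnet as it exists behind the ASA (assumed: x = 10)
object network LOCAL-REAL
 subnet 172.1.10.0 255.255.255.0

! Address range the partner expects to see (assumed: same size, /24)
object network LOCAL-MAPPED
 subnet 10.11.10.0 255.255.255.0

! Partner's network behind the remote peer (placeholder range)
object network PARTNER-NET
 subnet 192.0.2.0 255.255.255.0

! Twice NAT: translate the source only when the destination is the
! partner network. Traffic to any other destination keeps using the
! existing NAT rules. The partner network is mapped to itself.
nat (inside,outside) source static LOCAL-REAL LOCAL-MAPPED destination static PARTNER-NET PARTNER-NET

! The ASA applies NAT before the crypto map is evaluated, so the
! interesting-traffic ACL must match the MAPPED source, not the real one.
access-list VPN-PARTNER extended permit ip object LOCAL-MAPPED object PARTNER-NET

! Attach the ACL to the tunnel's crypto map entry (assumed name and
! sequence number; peer, proposal and tunnel-group are configured
! separately as for any site-to-site tunnel).
crypto map OUTSIDE-MAP 10 match address VPN-PARTNER

! Verification: confirm the NAT rule is hit and the flow is encrypted.
! The trace should show the source translated to 10.11.10.5 and a VPN
! encrypt phase. Host addresses here are constructed samples.
packet-tracer input inside icmp 172.1.10.5 8 0 192.0.2.5 detailed
show nat detail
show crypto ipsec sa
```

Static translation between network objects is one-to-one, so each mapped subnet needs the same mask as its real subnet; the partner's own interesting-traffic ACL must reference the mapped 10.11.x range as the remote network.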