I am building a site-to-site VPN on my ASA with an organization that is using the same IP space on their LAN. I am thinking about doing static translation for my 10.x.x.x/10 before it hits the VPN tunnel, but I am not really excited about that solution. Does anyone have any other suggestions? Thank you.
"If both sides use the same IP addresses, NAT will have to be done on BOTH sides."
Well that's not strictly correct either. It all depends on whether or not both sides need to initiate connections or it is just one side that needs to initiate connections.
We know the ASA can do this but Vlad was asking if there was any other way.
So next time, before you jump in and tell people they are wrong perhaps you could take a moment to ensure what you are saying is right. We all make mistakes and get things wrong but there are perhaps better ways of expressing it.
Lastly, signing out with CCIE Security does nothing, at least for me, to back up your arguments. There are many CCIEs on these forums and none of them seem to feel the need to express it in the way you do.
Feeling a complete idiot as I have now realised that yes, you do need to NAT both sides. I mixed it up with having to statically NAT or dynamically NAT depending on whether both sides need to initiate connections or not.
Sincere apologies for the mistake, and yes, I can see the irony in what I wrote!
My question is: can I NAT the inside host IP address 172.16.XX.XX to a public IP address? My partner wants to NAT with a public IP; if I don't convince him then we will end up routing my server 172.17.X.X to a public address through the VPN. Is this recommended? Or can we do a double NAT to make sure that we don't route traffic to a public IP directly, even through the VPN? Please advise.
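The static versus dynamic distinction discussed above, as an added configuration sketch that is not part of any post in this thread. It assumes ASA 8.3 or later twice-NAT syntax; every object name and address is constructed for illustration (both LANs are taken to be 10.1.1.0/24, and the two sites agree to present themselves as 192.168.101.0/24 and 192.168.102.0/24).

```cisco
! Local ASA. The partner ASA mirrors this with its own real/mapped pair.
! All names and subnets below are constructed examples.

object network LOCAL-REAL
 subnet 10.1.1.0 255.255.255.0
object network LOCAL-MAPPED
 subnet 192.168.101.0 255.255.255.0
object network REMOTE-MAPPED
 subnet 192.168.102.0 255.255.255.0

! Case 1: both sides must be able to initiate connections.
! A 1:1 static mapping keeps every local host reachable from the partner
! at a predictable mapped address.
nat (inside,outside) source static LOCAL-REAL LOCAL-MAPPED destination static REMOTE-MAPPED REMOTE-MAPPED

! Case 2 (alternative to case 1): only the local side initiates.
! Local hosts are hidden behind a single mapped address, so the partner
! cannot open sessions inbound through this translation.
! object network LOCAL-PAT
!  host 192.168.101.1
! nat (inside,outside) source dynamic LOCAL-REAL LOCAL-PAT destination static REMOTE-MAPPED REMOTE-MAPPED

! The crypto ACL matches the translated addresses, because NAT is applied
! before the traffic is evaluated for encryption.
access-list VPN-TO-PARTNER extended permit ip object LOCAL-MAPPED object REMOTE-MAPPED
```

After a tunnel comes up, `show nat detail` and `show crypto ipsec sa` can be used to confirm that the hits land on the intended rule and that the security association carries the mapped subnets rather than the real ones.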