I have the following situation. I set up the IPSec l2l tunnel to ASA5510 with static IP and running 8.3(1) where the remote site (Peer) has dynamic IP.
I need to create a static NAT for a server which is sitting at the peer's side, i.e. behind the VPN. Tunnel is working just fine, nets can ping each other and now I need to make the host at the Peer's side to be accessible from the Internet at a particular IP address, via VPN tunnel. Is it possible?
ASA has routable IP address.
Any help is highly appreciated,
Below is config of ASA, some configuration has been omitted:
This is possible and should work. One thing you need to take care of is the Phase 2 ACL on the remote end. Ensure you have the following crypto ACL entry defined in the VPN traffic:
192.168.1.104 ------> any
Basically, you want anyone from the internet to be able to access the server from the internet and hence you need this traffic identifier for the VPN on the remote end. On the ASA, we do not need any changes to the VPN config. Your ACL and NAT look fine. It should be working as long as you have the above change on the remote end. What is the remote device?
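To see why the remote end needs the `192.168.1.104 -> any` entry, the following added example (not part of the original posts) models crypto ACL matching for the server's outbound packets. The 192.168.1.0/24 and 10.0.0.0/24 LAN prefixes and the 203.0.113.7 Internet client are constructed sample values, not taken from the thread.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
SERVER = ip_network("192.168.1.104/32")  # server address from the post

# Constructed crypto ACLs for the remote (dynamic-IP) end, as (source, destination)
# permit entries. Both LAN prefixes below are assumptions made for this example.
LAN_ONLY = [(ip_network("192.168.1.0/24"), ip_network("10.0.0.0/24"))]
WITH_SERVER_ENTRY = LAN_ONLY + [(SERVER, ANY)]

# Constructed sample flows leaving the remote site (source IP, destination IP).
FLOWS = [
    ("192.168.1.104", "10.0.0.20"),    # server -> host on the ASA-side LAN
    ("192.168.1.104", "203.0.113.7"),  # server replying to an Internet client
    ("192.168.1.50", "203.0.113.7"),   # another remote host -> Internet
]


def is_protected(acl, src, dst):
    """Return True if src -> dst matches a permit entry, i.e. is sent into the tunnel."""
    s, d = ip_address(src), ip_address(dst)
    return any(s in src_net and d in dst_net for src_net, dst_net in acl)


def audit(acl, flows=FLOWS):
    """Map each flow to whether the given crypto ACL selects it for encryption."""
    return {flow: is_protected(acl, *flow) for flow in flows}


if __name__ == "__main__":
    for name, acl in (("LAN only", LAN_ONLY), ("with server entry", WITH_SERVER_ENTRY)):
        print(name)
        for (src, dst), hit in audit(acl).items():
            print(f"  {src:>15} -> {dst:<15} {'tunnel' if hit else 'NOT in tunnel'}")
```

With only the LAN-to-LAN entry, the server's reply to an Internet client never enters the tunnel, so the session through the ASA's public address cannot complete. With the host entry in place, every packet the server sends matches and goes through the tunnel, while other remote hosts are unaffected.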
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...