Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Tunnel one external IP by VPN to forward through the ASA

Hi,

I've configured a remote access vpn that works fine.

Now I've a trouble:

The IP address assigned to my outside interface is allowed, from the firewall of my customer, to access an its natted server.

I would that the traffic addressed to the public IP of my customer, originated from the vpn, goes inside the tunnel (I've already configured split tunnel to forward this traffic to my asa) and from the asa reaches the customer as coming from my asa interface.

I've tried in this way

object network customer

host 5.5.5.5

nat (outside,outside) static 5.5.5.5

nat (inside,outside) source static inside_network inside_network destination static vpn_pool_address vpn_pool_address

nat (dmz,outside) source static dmz_network dmz_network destination static vpn_pool_address vpn_pool_address

nat (outside,outside) source static customer customer destination static vpn_pool_address vpn_pool_address

See attached image for scenario.

NETWORK ISSUE.JPG

Everyone's tags (3)
2 REPLIES
Cisco Employee

Re: Tunnel one external IP by VPN to forward through the ASA

Hi,

Do you have intra-interface hairpin configured on the ASA?
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/nat_overview.html

HTH,
Lei Tian

Sent from Cisco Technical Support iPhone App

Community Member

Tunnel one external IP by VPN to forward through the ASA

I've tried but doesn't work.

From my client I've to telnet the public IP address of my customer having my asa outside ip address as source.

Supposing 5.5.5.5 the customer ip address, I've submitted this commands:

same-security-traffic permit intra-interface

object network CUSTOMER

     host 5.5.5.5

     nat (outside,outside) dynamic interface

nat (inside,outside) source static CUSTOMER CUSTOMER destinatin static VPN_POOL VPN_POOL

Is it correct?

894
Views
0
Helpful
2
Replies
CreatePlease to create content