We are trying to establish the site to site VPN with a partner who only accepts public IPs as encryption domain. Unfortunately, we have only one public IP address for internet access which means we are doing NAT overload.
My question is how can we configure the same IP assigned to our VPN gateway as encryption domain and map to the original private IPs.
access-list l2lvpn extended permit ip 18.104.22.168 host 10.x.x.70
crypto map test_map 1 match address l2lvpn crypto map test_map 1 set peer 22.214.171.124 crypto map test_map 1 set transform-set ESP-3DES-SHA
tunnel-group 126.96.36.199 type ipsec-l2l tunnel-group 188.8.131.52 ipsec-attributes ikev1 pre-shared-key *
As you can see you are doing the NAT for your internal network to the interface going to 10.x.x.70, this traffic should be going through the VPN tunnel. If you already have the NAT for Interneta where you are NATting everything this should work also, the ASA will know how to send the traffic back to the internal resource.
The only downside is the remote end cannot initiate traffic since the ASA will not know where to send the traffic. If you can provide more info I can provide the exact commands for you.
Thank you for the quick response and information. Unfortunately, Our router is not ASA so it is not possible to configure nat (inside, outside). However, we will try to translate your suggestion on the router.
RADIUS and Symantec VIP.
I will use screenshots of ASDM, and at the end I will add the required CLI commands. the diagram below show a diagram of the steps the FW goes through when using 2FA authentication:
As you can see in Fig. 1&nbs...
Unable to get signature update from cisco.com
1. Make sure the router can get name resolution. Configure the router with a proper DNS name server.
ISR4451#utd threat-inspection signature update server cisco username xxxxx password yyyyy