We are trying to establish the site to site VPN with a partner who only accepts public IPs as encryption domain. Unfortunately, we have only one public IP address for internet access which means we are doing NAT overload.
My question is how can we configure the same IP assigned to our VPN gateway as encryption domain and map to the original private IPs.
access-list l2lvpn extended permit ip 188.8.131.52 host 10.x.x.70
crypto map test_map 1 match address l2lvpn crypto map test_map 1 set peer 184.108.40.206 crypto map test_map 1 set transform-set ESP-3DES-SHA
tunnel-group 220.127.116.11 type ipsec-l2l tunnel-group 18.104.22.168 ipsec-attributes ikev1 pre-shared-key *
As you can see you are doing the NAT for your internal network to the interface going to 10.x.x.70, this traffic should be going through the VPN tunnel. If you already have the NAT for Interneta where you are NATting everything this should work also, the ASA will know how to send the traffic back to the internal resource.
The only downside is the remote end cannot initiate traffic since the ASA will not know where to send the traffic. If you can provide more info I can provide the exact commands for you.
Thank you for the quick response and information. Unfortunately, Our router is not ASA so it is not possible to configure nat (inside, outside). However, we will try to translate your suggestion on the router.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...