Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN Tunnels with NAT

I have read over several of the messages on the subject and still think I am missing something, so I am looking for assistance.

Basically, I am in the process of setting up multiple VPN tunnels to various external connections. We are trying to keep the external "private" addresses out of our core network using NAT.

I can get the Tunnel to work without issue using the NONAT ACL; however, this requires that our internal network is aware of their external "private" addresses. Our goal is to enter an Inside address which is NAT'd to the external "private" address and then transported via the VPN tunnel. Basically hiding the external "private" address from our internal systems as they would appear as thought the connection was one of our own networks.

The reverse is true coming from their external "private" network. Any sourced information from their external "private" network would be translated into our "private" address space upon arrival.

Can this be done? I have attached a diagram, which might help.

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: VPN Tunnels with NAT

Hi

Yes this should be possible. Lets say you allocate 10.112.2.250 as the address you are using to present the external server 192.168.10.10.

On your ASA device

static (outside,inside) 10.112.2.250 192.168.10.10 netmask 255.255.255.255

You will need to make sure that when your system tries to connect to 10.112.2.250 that it gets routed to the ASA device.

HTH

Jon

2 REPLIES
Hall of Fame Super Blue

Re: VPN Tunnels with NAT

Hi

Yes this should be possible. Lets say you allocate 10.112.2.250 as the address you are using to present the external server 192.168.10.10.

On your ASA device

static (outside,inside) 10.112.2.250 192.168.10.10 netmask 255.255.255.255

You will need to make sure that when your system tries to connect to 10.112.2.250 that it gets routed to the ASA device.

HTH

Jon

New Member

Re: VPN Tunnels with NAT

Entered the configuration you recommended above and it worked great. Thanks for your help.

127
Views
0
Helpful
2
Replies
CreatePlease login to create content