05-22-2012 10:26 AM
Hi,
I need to set up a VPN tunnel from our 5200 ASA (8.2.1) using an external IP.
This is what I wanted to do, but I'm not sure how:
10.0.0.0/24 --> Global nat (66.0.0.135) -> VPN -> other side 47.0.0.47
I would like to have the ability to use any of my hosts on the 10.0.0.0 network to grab a NAT .135 and go through that VPN tunnel, but I'm not sure that is possible.
My other option would be:
10.0.0.10 --> NAT 66.0.0.136 -> VPN -> other side 47.0.0.47
This is not a great solution since I need more than one internal host to talk to the .47 on the other end of the tunnel.
My inside interface has 10.0.0.0/24
My outside is 66.0.0.134/26
05-22-2012 11:02 AM
Hi Freddy,
What you need is policy-based static NAT for a site-to-site VPN tunnel.
Please follow the Cisco doc link below; it explains how you can implement your solution.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b37d0b.shtml
Please let me know if this helps.
Thanks
Rizwan Rafeek
05-22-2012 03:02 PM
It helps, but now I get this:
global address overlaps with mask
access-list policy-nat extended permit ip 10.0.0.0 255.255.255.0 host 64.0.0.227
static (inside,outside) 66.0.0.128 access-list policy-nat
I have a global NAT that translates any to 66.0.0.135:
access-list nonat10 extended permit ip 10.0.0.0 255.255.254.0 192.168.200.0 255.255.255.0
global (outside) 1 66.0.0.135 netmask 255.255.255.192
nat (inside) 0 access-list nonat10
nat (inside) 1 0.0.0.0 0.0.0.0
05-22-2012 06:15 PM
Hi Freddy,
You do not have to use all the IPs in the pool for policy-static NAT; you can use just a single IP alone.
Please follow the config below.
static (inside,outside) 66.0.0.135 access-list policy-nat
Please let me know if this helps.
Thanks