Cisco Support Community

IPSec and NAT on ASA

All,

I want to configure the IPSec site-to-site VPN tunnel with NAT'ing on the ASA. I learned from this site and made the configuration as below.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9950.shtml

ASA:

Server private IP: 10.10.10.100, and routable IP: 143.155.20.1

Customer routable IP: 198.43.25.1

!

access-list policy-nat extended permit ip host 10.10.10.100 host 198.43.25.1

!

access-list ipsec extended permit ip host 143.155.20.1 host 198.43.25.1 

!

static (inside,outside) 143.155.20.1 access-list policy-nat

My questions are: why do we NAT the real IP address with an ACL? Can I NAT the IP address instead of the access-list and eliminate the policy-nat ACL?

So the configuration should look like this.

access-list inside extended permit ip host 10.10.10.100 host 198.43.25.1

!

access-list ipsec extended permit ip host 143.155.20.1 host 198.43.25.1

!

static (inside,outside) 143.155.20.1 10.10.10.100

Please advise.

Regards,

Joe
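
An added example (not part of the original post or of Cisco's documentation): a small Python model of how the two configurations above treat an outbound packet. It assumes pre-8.3 ASA behavior where NAT is applied before the crypto ACL is checked, and that `ipsec` is the ACL bound to the crypto map; the function names and the destination 203.0.113.9 are constructed for illustration.

```python
# Configuration lines copied from the post (pre-8.3 ASA syntax).
POLICY_CFG = """
access-list policy-nat extended permit ip host 10.10.10.100 host 198.43.25.1
access-list ipsec extended permit ip host 143.155.20.1 host 198.43.25.1
static (inside,outside) 143.155.20.1 access-list policy-nat
"""
PLAIN_CFG = """
access-list inside extended permit ip host 10.10.10.100 host 198.43.25.1
access-list ipsec extended permit ip host 143.155.20.1 host 198.43.25.1
static (inside,outside) 143.155.20.1 10.10.10.100
"""

def parse(cfg):
    """Return ({acl_name: [(src, dst)]}, static_rule); host-to-host ACEs only."""
    acls, static = {}, None
    for line in cfg.strip().splitlines():
        t = line.split()
        if t[0] == "access-list" and t[2:6] == ["extended", "permit", "ip", "host"]:
            acls.setdefault(t[1], []).append((t[6], t[8]))
        elif t[0] == "static":
            # Policy form names an ACL; plain form names the real address.
            kind = "acl" if t[3] == "access-list" else "real"
            static = (t[2], kind, t[4] if kind == "acl" else t[3])
    return acls, static

def outbound(cfg, src, dst):
    """Model one inside->outside packet: NAT first, then the crypto ACL check."""
    acls, (mapped, kind, ref) = parse(cfg)
    if kind == "acl":
        hit = (src, dst) in acls[ref]   # policy NAT: source AND destination must match
    else:
        hit = src == ref                # plain static: the source alone decides
    xsrc = mapped if hit else src
    # Assumption: "ipsec" is the crypto-map ACL; it sees the translated source.
    return xsrc, (xsrc, dst) in acls["ipsec"]

if __name__ == "__main__":
    server = "10.10.10.100"
    for name, cfg in (("policy NAT", POLICY_CFG), ("plain static", PLAIN_CFG)):
        for dst in ("198.43.25.1", "203.0.113.9"):  # customer, constructed other host
            xsrc, enc = outbound(cfg, server, dst)
            print(f"{name:12} {server} -> {dst}: source {xsrc}, tunnel={enc}")
```

In this model both variants send customer traffic into the tunnel as 143.155.20.1; they differ only for other destinations, where the plain static still translates the server and the policy NAT does not. Other NAT rules, nat-control and interface ACLs are not modeled.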
