New Member

VPN NAT IOS 8.3

We have successfully created various Site to Site VPN tunnels across our Cisco ASA 5520 infrastructure using the normal method of Internal LAN 10.137.230.x > No NAT > VPN Tunnel.

This has been done on your Firewall model which is shown below

Capture.jpg


However, we now have to create a VPN tunnel to a third party where they want to do the following:

Internal LAN 10.137.230.x > NAT 109.174.146.130 > VPN Tunnel

Would anyone be able to help with this? It would be really appreciated.

2 REPLIES
Cisco Employee

Re: VPN NAT IOS 8.3

Assuming that traffic will always be initiated from the ASA site, you can configure NAT on the ASA, and the crypto ACL will be sourced from the NATed address (109.174.146.130) towards the remote end.

Let's take as an example that the remote LAN is 192.168.1.0/24:

object network vpn-10.137.230.0
 subnet 10.137.230.0 255.255.255.0

object network obj-109.174.146.130
 host 109.174.146.130

object network vpn-192.168.1.0
 subnet 192.168.1.0 255.255.255.0

nat (inside,outside) source dynamic vpn-10.137.230.0 obj-109.174.146.130 destination static vpn-192.168.1.0 vpn-192.168.1.0

Crypto ACL will be as follows:

access-list cryptoACL permit ip host 109.174.146.130 192.168.1.0 255.255.255.0

Hope that helps.
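The following is an added example, not part of the reply above and not Cisco code: a simplified Python model of why the crypto ACL in that configuration is written on the translated address and why the answer assumes traffic is initiated from the ASA site. The class `AsaModel`, its methods, the port allocator, and the sample hosts and ports are constructed for illustration; the model assumes the ASA applies the NAT rule before matching outbound traffic against the crypto ACL.

```python
import ipaddress as ip

# Addresses from the thread; 192.168.1.0/24 is the answer's example remote LAN.
INSIDE_LAN = ip.ip_network("10.137.230.0/24")
PAT_ADDR = ip.ip_address("109.174.146.130")
REMOTE_LAN = ip.ip_network("192.168.1.0/24")

# Crypto ACL from the answer: source is the translated address.
ACL_TRANSLATED = [(ip.ip_network("109.174.146.130/32"), REMOTE_LAN)]
# Constructed counter-example: a no-NAT style ACL written on the real LAN.
ACL_REAL = [(INSIDE_LAN, REMOTE_LAN)]


class AsaModel:
    """Hypothetical, simplified model: twice NAT first, then crypto ACL match."""

    def __init__(self, crypto_acl):
        self.crypto_acl = crypto_acl
        self.xlate = {}        # mapped port -> (real address, real port)
        self.next_port = 1024  # constructed allocator, not the ASA's algorithm

    def outbound(self, src, sport, dst):
        """Return (source address, source port, encrypted?) as seen after NAT."""
        src, dst = ip.ip_address(src), ip.ip_address(dst)
        # source dynamic ... destination static ...: translate only when both
        # the real source and the destination match the rule.
        if src in INSIDE_LAN and dst in REMOTE_LAN:
            self.xlate[self.next_port] = (str(src), sport)
            src, sport = PAT_ADDR, self.next_port
            self.next_port += 1
        encrypted = any(src in s and dst in d for s, d in self.crypto_acl)
        return str(src), sport, encrypted

    def inbound(self, dport):
        """Remote-initiated packet to PAT_ADDR:dport; None means no translation exists."""
        return self.xlate.get(dport)


if __name__ == "__main__":
    good, bad = AsaModel(ACL_TRANSLATED), AsaModel(ACL_REAL)
    print(good.outbound("10.137.230.25", 50000, "192.168.1.10"))
    print(bad.outbound("10.137.230.25", 50000, "192.168.1.10"))
    print(good.inbound(1024), good.inbound(3389))
```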

New Member

Re: VPN NAT IOS 8.3

Thank you for your help, I have applied the config, changing our external IP to a specific one for this VPN tunnel.

Will let you know what happens on Monday.
