We have a VPN set up on a PIX 506e. I didn't set this up originally and I'm just now beginning to work with VPNs. Anyway, I need to move this VPN connection to an ASA5510. I've set up four or five site-to-site VPNs on the ASA with no problems, but this one is configured a bit differently and I'm not sure why. I'll try to describe it as best I can:
-There is a series of ACLs allowing access from several public network addresses to a private network address of 10.33.55.0.
-There is a NAT rule set up that points any traffic from our private LAN (172.0.0.0) destined for the aforementioned public networks to a NAT pool IP of 10.33.55.10.
Relevant portions from the config on the 506:
name xxx.xxx.xxx.xxx vpn-STV-peer
access-list toSTV-VPN-Traffic permit ip 172.0.0.0 255.0.0.0 175.0.0.0 255.0.0.0
access-list toSTV-VPN permit ip 10.33.55.0 255.255.255.0 175.70.0.0 255.255.0.0
access-list toSTV-VPN permit ip 10.33.55.0 255.255.255.0 175.80.0.0 255.255.0.0
access-list toSTV-VPN permit ip 10.33.55.0 255.255.255.0 175.90.0.0 255.255.0.0
access-list toSTV-VPN permit ip 10.33.55.0 255.255.255.0 175.72.0.0 255.255.0.0
access-list inbound permit ip 175.70.0.0 255.255.0.0 10.33.55.0 255.255.255.0
access-list inbound permit ip 175.80.0.0 255.255.0.0 10.33.55.0 255.255.255.0
access-list inbound permit ip 175.90.0.0 255.255.0.0 10.33.55.0 255.255.255.0
access-list inbound permit ip 175.72.0.0 255.255.0.0 10.33.55.0 255.255.255.0
access-list outbound permit ip 10.30.55.0 255.255.255.0 any
global (outside) 10 10.33.55.10
nat (inside) 10 access-list toSTV-VPN-Traffic 0 0
route outside 175.0.0.0 255.0.0.0 xxx.xxx.xxx.xxx 1
Can anyone help me understand why the NAT is in place? Newbie question, I know. I'm missing something here. Thanks.
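The posted ACLs traced in evaluation order, as an added example that is not part of the original post: policy NAT is applied first, then the translated source is compared against toSTV-VPN. It assumes toSTV-VPN is the ACL the crypto map matches on (that line is not in the excerpt), and the host addresses are constructed samples.

```python
import ipaddress as ip

# ACL entries copied from the posted 506e config: (source net, destination net).
NAT_ACL = [("172.0.0.0/8", "175.0.0.0/8")]          # toSTV-VPN-Traffic
VPN_ACL = [("10.33.55.0/24", "175.70.0.0/16"),      # toSTV-VPN
           ("10.33.55.0/24", "175.80.0.0/16"),
           ("10.33.55.0/24", "175.90.0.0/16"),
           ("10.33.55.0/24", "175.72.0.0/16")]
PAT_ADDR = "10.33.55.10"                            # global (outside) 10


def permits(acl, src, dst):
    """True if any 'permit ip' entry covers this source/destination pair."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    return any(s in ip.ip_network(a) and d in ip.ip_network(b) for a, b in acl)


def trace(src, dst):
    """Return (source address after NAT, whether toSTV-VPN matches the flow)."""
    # nat (inside) 10 access-list toSTV-VPN-Traffic: translate matching flows only.
    post_nat = PAT_ADDR if permits(NAT_ACL, src, dst) else src
    # Assumption: toSTV-VPN is the crypto map ACL, evaluated on the post-NAT source.
    return post_nat, permits(VPN_ACL, post_nat, dst)


if __name__ == "__main__":
    # Constructed sample flows: inside host to three different destinations.
    samples = [("172.16.1.20", "175.70.4.9"),   # inside the four /16s
               ("172.16.1.20", "175.60.4.9"),   # 175.x, but not in toSTV-VPN
               ("172.16.1.20", "192.0.2.50")]   # unrelated destination
    for src, dst in samples:
        post_nat, in_vpn_acl = trace(src, dst)
        print(f"{src} -> {dst}: source becomes {post_nat}, "
              f"matches toSTV-VPN: {in_vpn_acl}")
```

The NAT ACL covers all of 175.0.0.0/8 while toSTV-VPN lists only four /16s, so the second sample is translated to 10.33.55.10 without matching toSTV-VPN; that gap is worth reviewing when the rules are rebuilt on the ASA.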