ASA 5510 - Config NAT on VPN
Posted on 2006-04-25
Here is my situation. My company recently purchased a division of another company. We have to maintain a link to the old company so that the purchased divisions can keep communicating with their Oracle instance and keep operating. I have been able to move a lot of traffic from the old company's network, so our network now looks like this at the site I am working on:
Internet <--> [Public IP] ASA5510[10.27.130.2] <--> 2501Router
Old company <--> 2812 Router[10.27.130.1] <--> LAN [10.27.130.0/24]
The 2501 router is a temporary router that acts as the default gateway for the LAN. This router just says that traffic for the IP ranges of the old company and Oracle goes to the 2812 router; otherwise it goes to the ASA.
I have remote VPN configured and working on the ASA (I am using the 10.27.230.0/24 range for those clients). I can ping inside hosts, etc. Now when I try to ping the Oracle server, I am willing to bet that the packet is reaching the server; however, of course, on the return trip through the old company's network, they have no clue where the 10.27.230.0/24 network is, or they have one already and are routing it a different way.
What I want to do is this: for certain IP ranges (we'll use 172.16.5.0/24 and 192.168.100.0/24 as examples), when the VPN clients want to communicate with those IP ranges, a PAT is done on the 10.27.230.0/24 VPN client, preferably to the 10.27.130.2 inside interface of the ASA or to another IP on the LAN that the ASA can proxy for.
I obviously have no control over the 2812 router and beyond due to it being owned and operated by the other company.
I don't know if it is possible, but what I was thinking was this:
nat (outside) 5 10.27.230.0 255.255.255.0
global (inside) 5 10.27.130.100
Not sure if that even makes sense, but any help is greatly appreciated.
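
An added example, not part of the original post: one way to express the PAT described above as policy-based outside NAT, so that only VPN-pool traffic bound for the two example ranges is translated. It assumes the pre-8.3 `nat`/`global` syntax the post already uses; the ACL name `VPN_TO_OLDCO` is hypothetical.

```cisco
! Constructed example. ACL name VPN_TO_OLDCO is hypothetical; addresses are
! the example ranges from the post. Pre-8.3 nat/global syntax assumed.
!
! Match only VPN-pool sources going to the old company's ranges, so traffic
! from VPN clients to the local 10.27.130.0/24 LAN is left untranslated.
access-list VPN_TO_OLDCO extended permit ip 10.27.230.0 255.255.255.0 172.16.5.0 255.255.255.0
access-list VPN_TO_OLDCO extended permit ip 10.27.230.0 255.255.255.0 192.168.100.0 255.255.255.0
!
! Policy NAT for sources arriving on the outside interface. The trailing
! "outside" keyword is required when the real interface has a lower
! security level than the interface the traffic leaves on.
nat (outside) 5 access-list VPN_TO_OLDCO outside
!
! PAT the matched clients to a spare LAN address the ASA answers ARP for ...
global (inside) 5 10.27.130.100
! ... or, alternatively, to the inside interface address itself (10.27.130.2):
! global (inside) 5 interface
```

`show xlate` on the ASA lists the resulting PAT entries once a VPN client opens a connection to one of the matched ranges. Because every client then appears to the old company as a single source address, per-user attribution for that traffic exists only in the ASA's own connection logs.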