Need help setting up NAT through VPN tunnel
Posted on 2008-06-18
I've run across an issue where I suspect I need to NAT IP addresses through a VPN tunnel that uses a Cisco ASA-5510 on my side of the tunnel and ends on the consultant's side of the tunnel on a VPN 3000 concentrator.
Setting up the VPN tunnel is easy for me - I've done this before and have no problem with it. At issue is, the internal IP address we use on our internal network is the same as our consultant's main headquarters network - it's aa.cc.4.0 to aa.cc.7.255 (255.255.252.0 mask).
I know you can do NAT to a physical interface of an ASA-5510, but can you use NAT to be applied to our internal subnet to a specific IP like 192.168.100.0 (or maybe 192.168.0.1) that then can be pushed through the VPN tunnel to the other side? If so, is there anything that the consultant needs to do with the NAT'ed IP address once it gets through the Concentrator? I don't believe they have to, just set an access rule to let that NAT'ed IP through.
We need this working so our people can access terminal server sessions on the consultant's network. All other sites are working, but here with this one site, I can implement the access-list rule to the tunnel since we have the IP conflict. Short of changing our subnet IP segment on our side, is there a solution?