inf2300
asked on
Lan 2 Lan vpn Cisco ASA 5505 with NAT
Hi all
i am currently trying to configure a LAN 2 LAN (site to site) vpn between a cisco ASA 5505 and a cisco 3845 router. I only have access to the ASA.
I usually just use the site to site vpn wizard and it works great but now the other guy (on the 3845) is asking me to enable NAT before the encryption (config will be like this : inside--NAT--cryptomap--L2 L--cryptom ap--NAT--i nside).
I am not quite proficient with this kind of configuration. Can someone help?
Thx in advance
i am currently trying to configure a LAN 2 LAN (site to site) vpn between a cisco ASA 5505 and a cisco 3845 router. I only have access to the ASA.
I usually just use the site to site vpn wizard and it works great but now the other guy (on the 3845) is asking me to enable NAT before the encryption (config will be like this : inside--NAT--cryptomap--L2
I am not quite proficient with this kind of configuration. Can someone help?
Thx in advance
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
So how should the nat configurations and access-list go?
Lets say these are my different ranges
inside range : 192.168.2.0/24
my public ip : 5.5.5.5
their peer ip : 6.6.6.6
their inside public ip range : 138.11.16.0/24
their inside range : unknown
So if I get this right, the other guy has this setup : (6.6.6.6)router-----(138.1 1.16.0/24) firewall-- ----(unkno wn private range)inside
He told me to NAT my subnet first for security reasons...
I understand the principles, just not sure how to apply it...
Usually, I just exempt the 2 protected subnet from the NAT...
Lets say these are my different ranges
inside range : 192.168.2.0/24
my public ip : 5.5.5.5
their peer ip : 6.6.6.6
their inside public ip range : 138.11.16.0/24
their inside range : unknown
So if I get this right, the other guy has this setup : (6.6.6.6)router-----(138.1
He told me to NAT my subnet first for security reasons...
I understand the principles, just not sure how to apply it...
Usually, I just exempt the 2 protected subnet from the NAT...
ASKER
nevermind I just figured it out and make it work
ASKER
thx for your help!!
ASKER
Thx for the info, I will try that tomorrow