inf2300

Lan 2 Lan vpn Cisco ASA 5505 with NAT

Hi all

I am currently trying to configure a LAN 2 LAN (site-to-site) VPN between a Cisco ASA 5505 and a Cisco 3845 router. I only have access to the ASA.

I usually just use the site-to-site VPN wizard and it works great, but now the other guy (on the 3845) is asking me to enable NAT before the encryption (config will be like this: inside--NAT--cryptomap--L2L--cryptomap--NAT--inside).

I am not quite proficient with this kind of configuration. Can someone help?

Thx in advance

ASKER CERTIFIED SOLUTION
cosmicfox

This solution is only available to members.
inf2300

ASKER

So the NAT will get executed before it encrypts the traffic?

Thx for the info, I will try that tomorrow
SOLUTION
This solution is only available to members.
inf2300

ASKER

So how should the NAT configurations and access-list go?

Let's say these are my different ranges:

inside range : 192.168.2.0/24
my public ip : 5.5.5.5

their peer ip : 6.6.6.6
their inside public ip range : 138.11.16.0/24
their inside range : unknown

So if I get this right, the other guy has this setup: (6.6.6.6)router-----(138.11.16.0/24)firewall------(unknown private range)inside

He told me to NAT my subnet first for security reasons...

I understand the principles, just not sure how to apply it...

Usually, I just exempt the 2 protected subnets from the NAT...



inf2300

ASKER

Never mind, I just figured it out and made it work.

inf2300

ASKER

thx for your help!!