I have a client that I terminated a VPN into yesterday.  Typical network-to-network VPN.  I can ping the private side of his vpn just fine, but he is trying to get me access to hosts on different networks that are routed through his network somewhere.

Bottom line, I want him to create a NAT rule on the ASA to basically say the following:

Any traffic coming from (my network) to NAT out the inside interface of (his LAN1 interface) to anything beyond his router.
Who is Participating?
MikeKaneConnect With a Mentor Commented:
I didn't quite follow the question.....

If you want to reach other hosts through that VPN, you would 1st need to add those Host IPs to the nonat and crypto maps so that traffic is caught in the VPN as well.  The far site would need to add the same pattern on their code as well.  This would depend on how many hosts to route.    You could add the entire subnet range to the nonat or multiple subnets for that matter, just as long as the other admin matches what you add.    

If this isn't the answer you were looking for, then I ask for a little clarification on the question.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.