cisco20
asked on
Site to Site VPN Nat question
Hi,
I'm fairly new to ASA NATting while using VPN. I was wondering what best practice would be for NATting in my case.
I'm thinking one-to-one static NAT, since I have 30 usable public IPs and was thinking about using one dedicated to connect to this vendor server. The "outside" IP the My CORP ASA is using can't be used as the NATted IP, can it?
I attached a diagram using random IPs.
Thanks
example-diagram.jpg
You should disable NAT altogether for a site-to-site tunnel.
The commands (making some assumptions on your config):
nat (inside) 0 access-list inside_nat_outbound
access-list inside_nat_outbound extended permit ip localsubnet netmask remotesubnet netmask
Each ASA would have those commands.
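An added example, not part of the original answer: because each ASA carries its own copy of the NAT-exemption commands, the two ACLs must be mirror images of each other (local and remote subnets swapped). The check below parses two configs in the pre-8.3 syntax used above and reports any exempted pair without a swapped counterpart. The subnets and sample configs are constructed, and only the `network netmask` ACL form is handled.

```python
import ipaddress
import re

# Constructed sample configs (pre-8.3 ASA syntax, as in the answer above).
SITE_A = """\
access-list inside_nat_outbound extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list inside_nat_outbound
"""
SITE_B = """\
access-list inside_nat_outbound extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
nat (inside) 0 access-list inside_nat_outbound
"""
# Constructed mistake: site B exempts a /16 where site A uses a /24.
SITE_B_BAD = SITE_B.replace("10.1.1.0 255.255.255.0", "10.1.0.0 255.255.0.0")

ACL_RE = re.compile(
    r"^access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)\s*$", re.M)
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)\s*$", re.M)


def exempt_pairs(config):
    """Return {(local_net, remote_net)} from ACLs referenced by 'nat (if) 0'."""
    exempt_acls = {name for _ifc, name in NAT0_RE.findall(config)}
    pairs = set()
    for name, src, smask, dst, dmask in ACL_RE.findall(config):
        if name in exempt_acls:  # ignore ACLs not used for NAT exemption
            pairs.add((ipaddress.ip_network(f"{src}/{smask}"),
                       ipaddress.ip_network(f"{dst}/{dmask}")))
    return pairs


def mirror_mismatches(config_a, config_b):
    """Exempted pairs lacking a swapped counterpart, in site A's orientation."""
    a = exempt_pairs(config_a)
    swapped_b = {(dst, src) for src, dst in exempt_pairs(config_b)}
    return sorted(a ^ swapped_b, key=str)


if __name__ == "__main__":
    print("matched:", mirror_mismatches(SITE_A, SITE_B))
    print("mismatched:", mirror_mismatches(SITE_A, SITE_B_BAD))
```

An empty result from two configs that contain no `nat ... 0` line at all means there is nothing to compare, not that the exemption is correct.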
ASKER
Can you please elaborate a little on why no NAT is needed for my servers to communicate? Thanks.
ASKER CERTIFIED SOLUTION
ASKER
Yes, you are correct, the connection is between 2 ASAs. I think I'll use the wizard for this setup before using the CLI to get a clearer picture.
ASKER
Thanks.
Use the commands:
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0