asked on Site to Site VPN Nat question
hI,
I'm fairly new to asa natting while using vpn, I was wondering what best practice would be for natting in my case.
I'm thinking one to one static nat since I have 30 usable public ip's and was thinking about using one dedicated to connect to this vendor server. The "outside" ip the My CORP ASA is using can't be used as the natted ip can it?
I attached a diagram using random ip's
Thanks
example-diagram.jpg
I'm fairly new to asa natting while using vpn, I was wondering what best practice would be for natting in my case.
I'm thinking one to one static nat since I have 30 usable public ip's and was thinking about using one dedicated to connect to this vendor server. The "outside" ip the My CORP ASA is using can't be used as the natted ip can it?
I attached a diagram using random ip's
Thanks
example-diagram.jpg
CiscoVPNHardware Firewalls
Last Comment
cisco20
you should disable NAT altogether for a site-to-site tunnel.
the commands (making some assumptions on your config):
nat (inside) 0 access-list inside_nat_outbound
access-list inside_nat_outbound extended permit ip localsubnet netmask remotesubnet netmask
each ASA would have those commands.
the commands (making some assumptions on your config):
nat (inside) 0 access-list inside_nat_outbound
access-list inside_nat_outbound extended permit ip localsubnet netmask remotesubnet netmask
each ASA would have those commands.
ASKER
Can you please ellaborate a little on why no NAT needed for my servers to communicate? Thanks.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Yes you are correct the connection is between 2 ASA's. I think I'll use the wizard for this setup before using the CLI to get a clearer picture.
ASKER
Thanks.
Use the commands:
"global (outside) 1 interface "
" nat (inside) 1 0.0.0.0 0.0.0.0"