amitabhg
asked on
NAT in ASA5520
Hi,
We have the 10.95.10.0/24 and 10.95.11.0/24 inside networks.
When we access the internet, it uses our PAT IP 125.16.20.6.
We have a VPN tunnel with another office between 192.168.11.0/24 and 192.168.10.0/24.
We have done static NAT from 10.95.11.0/24 to 192.168.11.0/24 for this VPN tunnel.
Now we want to access 192.168.10.25 from 10.95.11.0/24.
For this I am doing the configuration below; please let me know whether it is correct or not.
global (outside) 2 192.168.11.25 netmask 255.255.255.255
nat (inside) 2 access-list 3PPAT
access-list 3PPAT extended permit ip 10.95.10.0 255.255.255.0 host 192.168.10.25
Basically, when a request comes from 10.95.10.0/24 to 192.168.10.25, at the firewall it will take 192.168.11.25 as the PAT IP and the request will go to 192.168.11.25 through the VPN tunnel.
Can anyone tell me whether it is correct or not?
If it is wrong, could you please tell me how I can access that end IP?
ASKER
Nope.
We have a VPN tunnel with the other office; in that tunnel we are using 192.168.11.0 as the encryption domain and at the other end they are using 192.168.10.0 as the encryption domain (as they already have a tunnel with 10.95.11.0/24).
We have static NATs like this for this tunnel access:
static (inside,outside) 192.168.11.5 10.95.11.5 netmask 255.255.255.255
static (inside,outside) 192.168.11.6 10.95.11.6 netmask 255.255.255.255
static (inside,outside) 192.168.11.7 10.95.11.7 netmask 255.255.255.255
static (inside,outside) 192.168.11.8 10.95.11.8 netmask 255.255.255.255
We did this because these internal IPs don't require any other access, like internet.
This VPN part is working fine.
Now we want to access 192.168.10.25 from 10.95.10.0/24. As this subnet doesn't have any static NAT to 192.168.11.x, we want to access 192.168.10.25 with 192.168.10.25 (policy NAT).
Is this clear?
ASKER
Thank you, hossam82.
It's working fine.
You want to include traffic from 192.168.10.25 to 10.95.11.0 in the vpn tunnel.
Is that correct?