?
Solved

Cisca ASA VPN using an external IP  (VPN-NAT?)

Posted on 2010-09-03
2
Medium Priority
?
468 Views
Last Modified: 2012-05-10
Good Morning,

I am attempting to configure my ASA 5510 to connect to a new company (partner) who has a conflict with my internal IP range.  It is the same as one of theirs.

They have asked, and I quote "Partner must present us with a Public IP through the VPN Tunnel"

I have been instructed to configure my VPN tunnel as normal, but instead of exempting it from nat you don’t ... you want it to nat to the public ip.  I do have several public IPs available

So for example, here is how I would normally configure my tunnel:

access-list inside_nat0_outbound extended permit ip 10.229.147.0 255.255.255.0 10.209.82.0 255.255.255.0
access-list outside_1_cryptomap extended permit ip 10.229.147.0 255.255.255.0 10.209.82.0 255.255.255.0
....
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer <outsideIP>
crypto map outside_map 1 set transform-set ESP-3DES-MD5


How can I accomplish what they are asking?  Thank you!


0
Comment
Question by:SchoolPage
2 Comments
 
LVL 22

Accepted Solution

by:
Jody Lemoine earned 2000 total points
ID: 33599837
That's not too difficult.  Just remove the nat0 statement and change the map so that it encrypts traffic coming from the public IP.

no access-list inside_nat0_outbound extended permit ip 10.229.147.0 255.255.255.0 10.209.82.0 255.255.255.0
access-list outside_1_cryptomap extended permit ip host <outsideIP> 10.209.82.0 255.255.255.0

crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer <outsideIP>
crypto map outside_map 1 set transform-set ESP-3DES-MD5
0
 

Author Comment

by:SchoolPage
ID: 33635452
Thank you!
0

Featured Post

2018 Annual Membership Survey

Here at Experts Exchange, we strive to give members the best experience. Help us improve the site by taking this survey today! (Bonus: Be entered to win a great tech prize for participating!)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question