?
Solved

Cisca ASA VPN using an external IP  (VPN-NAT?)

Posted on 2010-09-03
2
Medium Priority
?
462 Views
Last Modified: 2012-05-10
Good Morning,

I am attempting to configure my ASA 5510 to connect to a new company (partner) who has a conflict with my internal IP range.  It is the same as one of theirs.

They have asked, and I quote "Partner must present us with a Public IP through the VPN Tunnel"

I have been instructed to configure my VPN tunnel as normal, but instead of exempting it from nat you don’t ... you want it to nat to the public ip.  I do have several public IPs available

So for example, here is how I would normally configure my tunnel:

access-list inside_nat0_outbound extended permit ip 10.229.147.0 255.255.255.0 10.209.82.0 255.255.255.0
access-list outside_1_cryptomap extended permit ip 10.229.147.0 255.255.255.0 10.209.82.0 255.255.255.0
....
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer <outsideIP>
crypto map outside_map 1 set transform-set ESP-3DES-MD5


How can I accomplish what they are asking?  Thank you!


0
Comment
Question by:SchoolPage
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 22

Accepted Solution

by:
Jody Lemoine earned 2000 total points
ID: 33599837
That's not too difficult.  Just remove the nat0 statement and change the map so that it encrypts traffic coming from the public IP.

no access-list inside_nat0_outbound extended permit ip 10.229.147.0 255.255.255.0 10.209.82.0 255.255.255.0
access-list outside_1_cryptomap extended permit ip host <outsideIP> 10.209.82.0 255.255.255.0

crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer <outsideIP>
crypto map outside_map 1 set transform-set ESP-3DES-MD5
0
 

Author Comment

by:SchoolPage
ID: 33635452
Thank you!
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question