[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 466
  • Last Modified:

Cisca ASA VPN using an external IP (VPN-NAT?)

Good Morning,

I am attempting to configure my ASA 5510 to connect to a new company (partner) who has a conflict with my internal IP range.  It is the same as one of theirs.

They have asked, and I quote "Partner must present us with a Public IP through the VPN Tunnel"

I have been instructed to configure my VPN tunnel as normal, but instead of exempting it from nat you don’t ... you want it to nat to the public ip.  I do have several public IPs available

So for example, here is how I would normally configure my tunnel:

access-list inside_nat0_outbound extended permit ip 10.229.147.0 255.255.255.0 10.209.82.0 255.255.255.0
access-list outside_1_cryptomap extended permit ip 10.229.147.0 255.255.255.0 10.209.82.0 255.255.255.0
....
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer <outsideIP>
crypto map outside_map 1 set transform-set ESP-3DES-MD5


How can I accomplish what they are asking?  Thank you!


0
SchoolPage
Asked:
SchoolPage
1 Solution
 
Jody LemoineNetwork ArchitectCommented:
That's not too difficult.  Just remove the nat0 statement and change the map so that it encrypts traffic coming from the public IP.

no access-list inside_nat0_outbound extended permit ip 10.229.147.0 255.255.255.0 10.209.82.0 255.255.255.0
access-list outside_1_cryptomap extended permit ip host <outsideIP> 10.209.82.0 255.255.255.0

crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer <outsideIP>
crypto map outside_map 1 set transform-set ESP-3DES-MD5
0
 
SchoolPageAuthor Commented:
Thank you!
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now