Solved

Cisco ASA VPN using an external IP (VPN-NAT?)

Posted on 2010-09-03
Last Modified: 2012-05-10
Good Morning,

I am attempting to configure my ASA 5510 to connect to a new company (partner) who has a conflict with my internal IP range.  It is the same as one of theirs.

They have asked, and I quote: "Partner must present us with a Public IP through the VPN Tunnel."

I have been instructed to configure my VPN tunnel as normal, but instead of exempting it from NAT you don’t ... you want it to NAT to the public IP.  I do have several public IPs available.

So for example, here is how I would normally configure my tunnel:

access-list inside_nat0_outbound extended permit ip 10.229.147.0 255.255.255.0 10.209.82.0 255.255.255.0
access-list outside_1_cryptomap extended permit ip 10.229.147.0 255.255.255.0 10.209.82.0 255.255.255.0
....
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer <outsideIP>
crypto map outside_map 1 set transform-set ESP-3DES-MD5


How can I accomplish what they are asking?  Thank you!


Question by:SchoolPage

Accepted Solution

by:
Jody Lemoine earned 500 total points
ID: 33599837
That's not too difficult.  Just remove the nat0 statement and change the map so that it encrypts traffic coming from the public IP.

no access-list inside_nat0_outbound extended permit ip 10.229.147.0 255.255.255.0 10.209.82.0 255.255.255.0
access-list outside_1_cryptomap extended permit ip host <outsideIP> 10.209.82.0 255.255.255.0

crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer <outsideIP>
crypto map outside_map 1 set transform-set ESP-3DES-MD5
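
The answer removes the NAT exemption and changes the crypto ACL but does not show the translation itself; the following is an added example, not part of the original answer, of the full change in pre-8.3 (`nat`/`global`) syntax. It assumes interfaces named `inside` and `outside`; `<myPublicIP>`, `<partnerPeerIP>`, NAT ID 5, the ACL name `policy_nat_partner` and the test host addresses are placeholders or constructed values.

```cisco
! Added example (assumptions: interface names inside/outside, pre-8.3 NAT syntax).
!   <myPublicIP>     spare public address presented to the partner (placeholder)
!   <partnerPeerIP>  partner's VPN endpoint (placeholder)

! 1. Stop exempting the partner traffic from NAT.
no access-list inside_nat0_outbound extended permit ip 10.229.147.0 255.255.255.0 10.209.82.0 255.255.255.0

! 2. Policy PAT: only traffic from the inside range to the partner range
!    is translated to the dedicated public address. NAT ID 5 is arbitrary.
access-list policy_nat_partner extended permit ip 10.229.147.0 255.255.255.0 10.209.82.0 255.255.255.0
nat (inside) 5 access-list policy_nat_partner
global (outside) 5 <myPublicIP>

! 3. The crypto ACL must match the post-NAT source, because the ASA
!    translates the packet before it evaluates the crypto map.
no access-list outside_1_cryptomap extended permit ip 10.229.147.0 255.255.255.0 10.209.82.0 255.255.255.0
access-list outside_1_cryptomap extended permit ip host <myPublicIP> 10.209.82.0 255.255.255.0

crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer <partnerPeerIP>
crypto map outside_map 1 set transform-set ESP-3DES-MD5

! 4. Verify. The two host addresses below are constructed test values
!    inside the ranges from the question.
packet-tracer input inside tcp 10.229.147.10 1025 10.209.82.10 443
show xlate
show crypto ipsec sa peer <partnerPeerIP>
```

Because this is dynamic PAT to a single address, only sessions initiated from 10.229.147.0/24 will pass; the partner cannot open connections to individual inside hosts without a static translation. The partner's crypto ACL has to mirror this one, with their range as source and `host <myPublicIP>` as destination.
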
Author Comment

by:SchoolPage
ID: 33635452
Thank you!

Question has a verified solution.