So here's the scenario - both sites are using Cisco ASA 5510 - I've got the tunnel up but need to know how to configure a solution for this issue:
- Remote site needs access to monitor equipment on our 172.16.5.0 network however remote site has an internal network using the exact same address space
- Remote site would like us to NAT to 10.50.48.0 network so that any requests made to my 172 network would come back to that 10 network
- Asked our support people how this could be done (preferably in GUI as I'm not very strong in CLI on ASA) here's what they came back with.
access-list RemoteSite-NAT extended permit ip 172.16.5.0 255.255.255.0 10.50.48.0 255.255.255.0
static (inside,outside) 192.168.150.0 access-list RemoteSite-NAT
access-list RemoteSite-VPN extended permit ip 192.168.150.0 255.255.255.0 10.50.48.0 255.255.255.0
Does this look like a proper solution? If the remote side is trying to ping a device on my 172 network what would he use to ping - 192.168.150.1 OR 10.50.48.1? Do I need to make any changes to my switches to allow this traffic through? (I wouldn't think so as the ASA should be doing all the translation but...)
Thanks in advance!