Link to home
Start Free TrialLog in
Avatar of prlit
prlit

asked on

Cisco ASA 5510 Dynamic nat

Good morning everyone,

We currently have a VPN setup with a client. We now need our home users to access their resources as well. Normally I can just add the home users pool (192.168.253.0) to each end of the tunnel, however the client already has a VPN with a 192.168.253.0. So, my idea is to have the 192.168.253.0/24 translated into 10.66.253.0/24 when it tries to hit the client side (192.168.100.0/24).

I'm pretty sure I need to setup a Dynamic nat policy, but I haven't really done this before. Any help would be beneficial! Thanks
Avatar of rauenpc
rauenpc
Flag of United States of America image

What version of ASA do you have? If you have 8.3 or later you can use twice nat. Example:
http://www.fir3net.com/Cisco-ASA/cisco-asa-twice-nat.html

Depending on the complexity of your ASA and network, it might be easier to just change the VPN client pool.
Avatar of prlit
prlit

ASKER

8.2. I could do that for the one client, but our network is pretty complex. I'd have to change about 80+ tunnels to if I change the pool.

Could I do something like..

access-list Exempt permit ip 10.66.253.0 255.255.255.0 192.168.100.0 255.255.255.0
global (inside) 2 10.66.253.0 netmask 255.255.255.0
nat (inside) 2 access-list Exempt

And Of course, add the 10.66.253.0/24 to the tunnels.
ASKER CERTIFIED SOLUTION
Avatar of rauenpc
rauenpc
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of prlit

ASKER

Thanks! I had it right with my commands, but your outside part I didn't have right. Thanks for your help.