
Cisco ASA 5505 8.4 vpn tunnel with NAT issue

Asked by snowdog_2112. Topics: VPN, Cisco.
I have a PIX 515 and an ASA 5505 (8.4 code).  The PIX is currently working with a tunnel to a 3rd party vendor. I need to replicate the function on the ASA (new ISP link).

The unusual bit in the PIX VPN config is the inside LAN is NAT'd to one of the PUBLIC IPs before it goes into the tunnel - i.e., traffic from my LAN comes out on the remote side as a single PUBLIC IP from my public IP space.

I'm not sure how to do the same in the ASA 8.4 code.

From the working PIX:
My internal network space is NAT'd to 66.x.y.119 by the "nat/global 2"

crypto map vpn_map 10 ipsec-isakmp
crypto map vpn_map 10 match address acl_east
crypto map vpn_map 10 set peer 63.y.y.214
crypto map vpn_map 10 set transform-set xform_set

access-list vendor_nat permit ip 192.168.0.0 255.255.252.0 199.x.x.0 255.255.255.0

access-list acl_east permit ip host 66.x.y.119 199.x.x.0 255.255.255.0


nat (inside) 2 access-list vendor_nat 0 0

global (outside) 2 66.x.y.119
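
One way to express the PIX policy NAT above in ASA 8.3+ (twice NAT) syntax, as an added example that is not part of the original question or its answers. The object names OBJ-LAN, OBJ-VENDOR and OBJ-VENDOR-PAT are hypothetical, and the redacted addresses are kept exactly as written in the question.

```cisco
! Real inside network (source of the old "access-list vendor_nat")
object network OBJ-LAN
 subnet 192.168.0.0 255.255.252.0
! Vendor network at the far end of the tunnel
object network OBJ-VENDOR
 subnet 199.x.x.0 255.255.255.0
! Single public address the LAN is hidden behind (old "global (outside) 2")
object network OBJ-VENDOR-PAT
 host 66.x.y.119
!
! Twice NAT: PAT the LAN to 66.x.y.119 only when the destination is the
! vendor network; the destination itself is left untranslated.
! Replaces "nat (inside) 2 access-list vendor_nat" + "global (outside) 2".
nat (inside,outside) source dynamic OBJ-LAN OBJ-VENDOR-PAT destination static OBJ-VENDOR OBJ-VENDOR
!
! NAT is applied before the crypto map is consulted, so the crypto ACL
! still matches the translated source, as it did on the PIX.
access-list acl_east extended permit ip host 66.x.y.119 199.x.x.0 255.255.255.0
!
crypto map vpn_map 10 match address acl_east
crypto map vpn_map 10 set peer 63.y.y.214
! 8.4 adds the ikev1 keyword; xform_set must be defined with
! "crypto ipsec ikev1 transform-set" (definition not shown in the question).
crypto map vpn_map 10 set ikev1 transform-set xform_set
```

The NAT rule has to be evaluated before any general outbound PAT rule for the inside network, otherwise vendor-bound traffic is translated to the wrong address and never matches acl_east. `show nat detail` and `packet-tracer` on the ASA confirm which rule a given flow hits.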