I have a site-to-site VPN I need to configure, but have a few questions. I have many other Site-to-Site VPN's configured on this ASA, but the interesting traffic for all the VPN's are a Private IP/Range. For this VPN, the interesting traffic will be Public IP's. One public IP on my side and one public IP on the remote end. My Current VPN's look like the following:
crypto isakmp policy 10
crypto map Outside_map0 8 match address Outside_cryptomap_7
crypto map Outside_map0 8 set peer x.x.x.34
crypto map Outside_map0 8 set transform-set ESP-AES-256-SHA
crypto map Outside_map0 8 set security-association lifetime seconds 28800
crypto map Outside_map0 8 set security-association lifetime kilobytes 4608000
access-list Outside_cryptomap_7 extended permit ip 10.10.0.0 255.255.192.0 172.19.8.0 255.255.252.0
access-list Inside_nat0_outbound extended permit ip 10.10.0.0 255.255.192.0 172.
global (outside) 1 interface
nat (inside) 0 access-list Inside_nat0_outbound
tunnel-group x.x.x.34 type ipsec-l2l
tunnel-group x.x.x.34 ipsec-attributes
As you can see the interesting traffic are private IP's. Would a VPN with the interesting traffic being public IP's be configured the same? The public IP on my side they need a VPN to currently does have a static NAT:
static (inside,outside) x.x.x.38 10.4.0.38 netmask 255.255.255.
Will this make a difference?