Site-to-Site VPN on Cisco ASA5520 and interesting traffic

I have a site-to-site VPN I need to configure, but have a few questions.  I have many other Site-to-Site VPN's configured on this ASA, but the interesting traffic for all the VPN's are a Private IP/Range.  For this VPN, the interesting traffic will be Public IP's.  One public IP on my side and one public IP on the remote end.  My Current VPN's look like the following:

crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400

crypto map Outside_map0 8 match address Outside_cryptomap_7
crypto map Outside_map0 8 set peer x.x.x.34
crypto map Outside_map0 8 set transform-set ESP-AES-256-SHA
crypto map Outside_map0 8 set security-association lifetime seconds 28800
crypto map Outside_map0 8 set security-association lifetime kilobytes 4608000


access-list Outside_cryptomap_7 extended permit ip 10.10.0.0 255.255.192.0 172.19.8.0 255.255.252.0

access-list Inside_nat0_outbound extended permit ip 10.10.0.0 255.255.192.0 172.
19.8.0 255.255.252.0

global (outside) 1 interface
nat (inside) 0 access-list Inside_nat0_outbound

tunnel-group x.x.x.34 type ipsec-l2l
tunnel-group x.x.x.34 ipsec-attributes
 pre-shared-key *****

As you can see the interesting traffic are private IP's.  Would a VPN with the interesting traffic being public IP's be configured the same?  The public IP on my side they need a VPN to currently does have a static NAT:

static (inside,outside) x.x.x.38 10.4.0.38 netmask 255.255.255.

Will this make a difference?
LVL 4
denver218Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

rauenpcCommented:
Nope. This should more or less configure the same except that you'll have an actual nat instead of an exemption in place, and your crypto acl will reference the nat'd ip addresses. Bear in mind that the nat statements are directional... If you can initiate traffic to the remote end, the reverse might not be true without the right nat statements in place.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
denver218Author Commented:
Setup was exactly the same.  The only difference is that I didn't have to configure a NAT exception since there was a static NAT in place.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VPN

From novice to tech pro — start learning today.