• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 652
  • Last Modified:

Natting Configuration Help for Cisco ASA Site to Site VPN Tunnel

Hi ,

I am configuring site to site vpn tunnel for a client to access my office printer. They have ask me to NAT my printer IP (10.x.x.x) to Public ip (100.x.x.x) . In configuration details they had also given a Public Natted remote network.  

How to nat the pubilc ip to private ip ? below are the details :

my printer ip  : 10.10.10.59
client remote network : 100.14.0.0 /16
and client is asking to nat the printer ip to 100.12.10.89


Sample Configuration :

name 8.xx.xxx.x Client_Peer


object-group network my_office
network-object 10.10.10.59 255.255.255.0

object-group network Client
network-object 100.10.0.0 255.255.0.0


access-list  ISP-1_1_cryptomap extended permit ip object-group my_office object-group Client
access-list  LAN-1_nat0_outbound extended permit ip object-group my_office object-group Client

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac


crypto map ISP-1_map 1 match address ISP-1_1_cryptomap
crypto map ISP-1_map 1 set peer 8.xx.xxx.x
crypto map ISP-1_map 1 set transform-set ESP-3DES-MD5
crypto map ISP-1_map 1 set security-association lifetime seconds 28800


tunnel-group 8.xx.xxx.x type ipsec-l2l
tunnel-group 8.xx.xxx.x ipsec-attributes
pre-shared-key abc@123

then route the peer ip , remote network.
0
Swaroop Katargunde
Asked:
Swaroop Katargunde
1 Solution
 
Alan Huseyin KayahanCommented:
Add the following in your config

access-list PNAT_Printer permit ip host 10.10.10.59 object-group Client
static (inside,outside) 100.12.10.89 access-list PNAT_Printer
access-list  ISP-1_1_cryptomap extended permit ip host 100.12.10.89 object-group Client
access-list  line 1 LAN-1_nat0_outbound extended deny ip host 10.10.10.59 object-group Client

In addition, you have mentioned in your question that the Client network is 100.14.0.0/16 whereas it is 100.10.0.0/16 in your config
0

Featured Post

Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now