Route and NAT traffic via VPN, ASA

Dear All,

I'd kindly ask you for your expert help and advice with a challenge we're facing these days:

We have two sites; on both sides there is an ASA firewall with the 9.1.3 image, and there is an IPSec VPN between them. Users can access resources from Site A to Site B and vice versa without a problem.

The VoIP provider has brought a link for a SIP trunk to Site B and gave us a small subnet so we could connect to their SIP proxy. Only connections from that subnet (= IP 10.10.10.242) to their proxy are allowed. I've added a new interface on the Site B ASA, defined the subnet and added a default route.

Our VoIP server is located on Site A and we'd like to keep it that way.

In order to route the traffic from the VoIP server on Site A to the SIP proxy that's connected to Site B, I've added the SIP proxy's IP to the crypto access list. With that, traffic from our VoIP server reaches the SIP proxy, but the source IP address of this traffic at the VoIP provider's end shows up as 192.168.0.10 and not 10.10.10.242.

Obviously I'd need some kind of NAT, but for the life of me I can't make it work. I've also exhausted trial and error options :)

Can you help? Also attaching a simple diagram. All IP addresses are fictive.

[Diagram]

Big thanks in advance,

Andrej
Asked by: Andrej G

Pete Long, Technical Consultant, commented:
OK, what's 10.10.10.242/30, is that an interface on the ASA? (or VLAN if you're using 5505s)

You would need to PAT all traffic from 192.168.0.0/24 destined for 10.10.4.8 to 10.10.10.242 like so:

Cisco AnyConnect - PAT External VPN Pool To An Inside Address

Where in your case the pool is the subnet at Site A.
Pete
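
The PAT described in the answer above, written out as an added configuration example for the Site B ASA (not part of the original thread or the linked article). The interface names `outside` and `voip` and the object names are assumptions, as is 10.10.10.242 being the address configured on the new provider-facing interface; the crypto access lists are taken to already include 10.10.4.8, as the question states.

```cisco
! Site B ASA, 9.1.x (post-8.3 NAT syntax). Constructed example.
! Assumed interface names: "outside" terminates the IPSec tunnel,
! "voip" is the new provider-facing interface holding 10.10.10.242/30.
!
! Real source: the Site A subnet as it arrives decrypted from the tunnel.
! To limit the rule to the VoIP server only, use "host 192.168.0.10" here.
object network SITE-A-LAN
 subnet 192.168.0.0 255.255.255.0
!
! Destination the translation applies to: the provider's SIP proxy.
object network SIP-PROXY
 host 10.10.4.8
!
! Twice NAT: when SITE-A-LAN talks to SIP-PROXY, hide the source behind
! the "voip" interface address (dynamic PAT) and leave the destination
! untranslated. Traffic to any other destination does not match this rule.
nat (outside,voip) source dynamic SITE-A-LAN interface destination static SIP-PROXY SIP-PROXY
!
! Checks from exec mode after placing a test call:
!   show nat detail   (hit counters on the rule above should increase)
!   show xlate        (a PAT entry from 192.168.0.10 to 10.10.10.242)
```

Dynamic PAT only creates translations for connections opened from the Site A side, so the proxy cannot open a new connection toward 192.168.0.10 through this rule.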

Andrej G (author) commented:
Thank you, that approach worked.