7602 Views 2 Replies Latest reply: Mar 28, 2012 3:50 AM by Jeron RSS

Cisco ASA Site to Site IPSEC VPN and NAT question

Mar 27, 2012 11:20 AM

Jeron 2 posts since
Nov 2, 2009

Hi Folks,

I have a question regarding both Site to Site IPSEC VPN and NAT. Basically what I want to achieve is to do the following:

ASA2 is at HQ and ASA1 is a remote site. I have no problem setting up a static static Site to Site IPSEC VPN between sites. Hosts residing at 10.1.0.0/16 are able to communicate with hosts at 192.168.1.0/24, but what I want is to set up NAT with IPSEC VPN so that hosts at 10.1.0.0/16 will communicate with hosts at 192.168.1.0/24 with translated addresses.

Just an example:

Host N2 (10.1.0.1/16) will communicate with host N1 192.168.1.5 with destination, let's say, 10.23.1.5, not 192.168.1.5. (Notice the last octet should be the same, in this case .5.)

The same translation for the rest of the communication (Host N2 pings host N3 destination IP 10.23.1.6, not 192.168.1.6; again, the last octet is the same).

It sounds a bit confusing to me, but I have seen this type of setup before when I worked for a managed service provider where we had connection to our clients (Site to Site IPSEC VPN with NAT, not sure how it was set up).

Basically we were communicating with client hosts over site to site VPN but their real addresses were hidden and we were using translated addresses as mentioned above, 10.23.1.0/24 instead of (real) 192.168.1.0/24; the last octet should be the same.

Appreciate it if someone can shed some light on it.
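
The translation described in the post, sketched as an added example that is not part of the original thread: a static network-to-network NAT of equal prefix length on ASA1 keeps the host bits, so 192.168.1.5 is reached as 10.23.1.5. It assumes ASA 8.3 or later syntax and interfaces named `inside` and `outside`; all object, ACL and crypto map names are illustrative.

```cisco
! ===== ASA1 (remote site) =====
! Assumed: ASA 8.3+ syntax, interfaces "inside"/"outside".
! Object, ACL and crypto map names are illustrative, not from the post.
object network REMOTE-REAL
 subnet 192.168.1.0 255.255.255.0
object network REMOTE-MAPPED
 subnet 10.23.1.0 255.255.255.0
object network HQ-LAN
 subnet 10.1.0.0 255.255.0.0
!
! Equal-size static NAT maps host bits 1:1 (192.168.1.5 <-> 10.23.1.5),
! and only for traffic to or from HQ-LAN. Other traffic is untouched.
nat (inside,outside) source static REMOTE-REAL REMOTE-MAPPED destination static HQ-LAN HQ-LAN
!
! NAT is applied before encryption, so the crypto ACL must match the
! mapped subnet, not the real 192.168.1.0/24.
access-list VPN-TO-HQ extended permit ip 10.23.1.0 255.255.255.0 10.1.0.0 255.255.0.0
crypto map OUTSIDE-MAP 10 match address VPN-TO-HQ
!
! ===== ASA2 (HQ) =====
! HQ only ever sees 10.23.1.0/24 as the remote network.
object network HQ-LAN
 subnet 10.1.0.0 255.255.0.0
object network REMOTE-MAPPED
 subnet 10.23.1.0 255.255.255.0
!
! Identity NAT so HQ hosts are not caught by any dynamic NAT/PAT rule
! on the way into the tunnel (needed only if such a rule exists).
nat (inside,outside) source static HQ-LAN HQ-LAN destination static REMOTE-MAPPED REMOTE-MAPPED
!
access-list VPN-TO-REMOTE extended permit ip 10.1.0.0 255.255.0.0 10.23.1.0 255.255.255.0
crypto map OUTSIDE-MAP 10 match address VPN-TO-REMOTE
```

With the tunnel up, `show crypto ipsec sa` on ASA1 should list 10.23.1.0/255.255.255.0 as the local ident; seeing 192.168.1.0 there means the crypto ACL is still matching the real subnet.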
