Cisco ASA (IPsec VPN tunnel with public routed IPs) - Help / Advice

Status
Not open for further replies.

Russellwilson01 (Technical User, GB)
May 23, 2011
Hello,

I am trying to configure an ASA 5520 with the following IPsec VPN tunnel (please see the attachment for a better idea).

But basically, we are having to use public routable IPs on both sides of the tunnel due to IP conflicts on either side of the tunnel.

We have an IPsec tunnel between a /32 and a /30 (both public routable ranges) and we need to NAT/PAT these IPs at either end to a single internal IP.

Any help would be greatly appreciated!
 
Forgot to say I've got the outgoing connection to work with the following commands, but incoming still fails.

access-list LAN_nat_outbound_1 line 1 extended permit ip 192.168.11.0 255.255.255.0 PUBLICROUTABLE IP on site B (/30) 255.255.255.252
nat (LAN) 1 access-list LAN_nat_outbound_1 tcp 0 0 udp 0
global (LAN) 1 "PUBLICROUTABLE IP on site A" (/32) netmask 255.0.0.0
 
Sorry, the commands should have been:

access-list LAN_nat_outbound_1 line 1 extended permit ip 192.168.11.0 255.255.255.0 PUBLICROUTABLE IP on site B (/30) 255.255.255.252
nat (LAN) 1 access-list LAN_nat_outbound_1 tcp 0 0 udp 0
global (WAN) 1 "PUBLICROUTABLE IP on site A" (/32) netmask 255.0.0.0
 
Surely it's just a case of telling your VPN traffic not to bypass local NAT/PAT rules and routing all IP traffic on the remote site down the VPN?

ACSS - SME
General Geek

 
Not as simple as you might think, hairlesssupportmonkey. I've managed to get the connection working from Site A > Site B, but I'm unable to get the ASA to translate the public routable IP on Site A to the internal address I need.

What I need to set up is the following:

Site B /30 > IPsec tunnel > Site A /32 (public IP), translated to an internal LAN address /32

enabling traffic from Site B to one IP in Site A.

At the moment one internal IP is NAT translated to Site A's public IP and is then able to access the /30 on Site B via the IPsec tunnel.
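The following is an added worked example, not configuration from the original poster or any reply. It covers both requirements described in the thread: the outbound case (one internal host appearing as Site A's public /32 towards Site B's /30 through the tunnel) and the inbound case that the poster cannot get working (Site B's /30 reaching the public /32 and being delivered to the internal host). It uses the pre-8.3 ASA NAT syntax that the posted nat/global commands use. The key point is that a dynamic nat/global pair only creates a translation when the inside host initiates, so a session that starts at Site B never finds an xlate; a static (policy) NAT is bidirectional and removes that limitation. All addresses are RFC 5737 documentation placeholders standing in for the unspecified real ones (203.0.113.10 for Site A's public /32, 198.51.100.0/30 for Site B, 192.0.2.1 for Site B's tunnel peer, 192.168.11.50 for the internal host), and the ACL, transform-set, crypto map and tunnel-group names and the pre-shared key are invented for the example; only the interface names LAN and WAN come from the post.

```cisco
! Added example (not the thread's own configuration). Cisco ASA 8.2-style NAT syntax.
! All addresses are RFC 5737 placeholders; names and the PSK are made up.

! Interfaces, named as in the post
interface GigabitEthernet0/0
 nameif WAN
 security-level 0
 ip address 203.0.113.1 255.255.255.0
interface GigabitEthernet0/1
 nameif LAN
 security-level 100
 ip address 192.168.11.1 255.255.255.0

! Scope the translation to one internal host talking to Site B's /30,
! so the rest of 192.168.11.0/24 is untouched.
access-list LAN_to_SITEB extended permit ip host 192.168.11.50 198.51.100.0 255.255.255.252

! Static policy NAT, which is bidirectional: 192.168.11.50 is seen as 203.0.113.10
! towards Site B, and packets from Site B to 203.0.113.10 are delivered to
! 192.168.11.50 even when the internal host has not spoken first.
! This replaces the dynamic "nat (LAN) 1 ... / global (WAN) 1 ..." pair, which
! only builds an xlate for sessions the inside host initiates.
static (LAN,WAN) 203.0.113.10 access-list LAN_to_SITEB

! Crypto ACL. The ASA matches the crypto map on post-NAT (mapped) addresses,
! so it references Site A's public /32, not the internal address.
access-list SITEB_VPN extended permit ip host 203.0.113.10 198.51.100.0 255.255.255.252

! Phase 1 / Phase 2. Proposal values are illustrative; match them to Site B's peer.
crypto isakmp enable WAN
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ipsec transform-set SITEB_TS esp-aes-256 esp-sha-hmac

! 192.0.2.1 is a placeholder for Site B's tunnel endpoint (not the /30 carried inside).
crypto map WAN_MAP 10 match address SITEB_VPN
crypto map WAN_MAP 10 set peer 192.0.2.1
crypto map WAN_MAP 10 set transform-set SITEB_TS
crypto map WAN_MAP interface WAN

tunnel-group 192.0.2.1 type ipsec-l2l
tunnel-group 192.0.2.1 ipsec-attributes
 pre-shared-key EXAMPLE-PSK-CHANGE-ME

! Decrypted VPN traffic bypasses the WAN interface ACL while the default
! "sysopt connection permit-vpn" is in effect. If that has been disabled,
! permit only what the tunnel is meant to carry, in mapped-address terms.
access-list WAN_IN extended permit ip 198.51.100.0 255.255.255.252 host 203.0.113.10
access-group WAN_IN in interface WAN
```

To confirm the inbound path before bringing the tunnel up, `packet-tracer input WAN tcp 198.51.100.2 40000 203.0.113.10 445` should show a NAT phase that untranslates 203.0.113.10 to 192.168.11.50 and an ALLOW result; `show xlate` should then list the static entry without any host having initiated a session. Note that the posted `global (WAN) 1 ... netmask 255.0.0.0` pairs a /8 mask with a single mapped address; the static form above needs no netmask because the policy ACL defines the scope. Site B needs the mirror image: its crypto ACL must reference 198.51.100.0/30 to host 203.0.113.10, and whatever translation it applies to its own /30 must likewise be bidirectional if Site A is expected to initiate.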
 
Why not set up a separate VLAN with your public IPs and tell the remote device on the same VLAN that its default gateway is the site with the public IPs?

Site A = public VLAN 5 <-VPN-> Site B = public VLAN 5

or something to that effect.

Without having something to test on it's all speculation... just throwing ideas into the pot :)

ACSS - SME
General Geek

 