But the Main office IT group wants us to PAT our private IPs to a single IP (10.70.4.70) for the tunnel. How would I incorporate that with the above configuration? I tried several ways
nat (inside) 1 192.168.1.1 255.255.255.0
global (outside) 1 10.70.4.70
but then I couldn't figure out how to route to the internet from there. Also, I don't know if it's better to PAT to that IP all the time, or only for the tunnel.. is there a cost/benefit in performance?
Appreciate any help you can give!
Re: ASA 5505 - site to site VPN and PAT IP
9 years 1 day ago #31052
This way you can make your L2L tunnel and still have a connection to the internet since the destination addresses of the internet are out side of the private IP ranges.
I have to warn you tho. Using this setup might cause problems with the stability of the VPN.