TOPIC: [HELP] Configure NAT-PAT on ASA

[HELP] Configure NAT-PAT on ASA 8 years 1 month ago #28054

  • pipos
Hi guys,
We have configured an L2L VPN tunnel; now we would like to translate our inside network (172.16.201.0/24) into a single IP (like 192.168.1.99).
This way, the peer network sees only one host.

Is this possible? How?

OUR TOPOLOGY_______________________



TIA!!!!

Re: [HELP] Configure NAT-PAT on ASA 8 years 3 weeks ago #28098

  • r0nni3
Yes, this is possible. I'm not sure if this will work, but I can make you an example configuration for the NAT process.

access-list vpnnat permit ip 172.16.201.0 255.255.255.0 172.16.200.0 255.255.255.0
!
global (outside) 25 192.168.1.99
!
nat (inside) 25 access-list vpnnat

This will get you a many-to-one translation, which I experienced to be a bit problematic, so you might be better off using a one-to-one translation. That would look like this.

access-list vpnnat permit ip 172.16.201.0 255.255.255.0 172.16.200.0 255.255.255.0
!
static (inside,outside) 192.168.1.0 access-list vpnnat

The last configuration has proven to be the most stable (at least from my experience).

*edit* Not sure if I should tell you this, but just to make sure: make sure you use the NATed subnet in the access-list to permit traffic over the tunnel on the other side.


Ron.
Currently working as Cisco Engineer at Neon-Networking.

Certifications:
CCNA - Have it
CCNA Security - Have it
CCSP - Almost!!!!
CCIE Security - Not so far away dream
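
The *edit* note in the post above, written out as configuration for the one-to-one case (an added example, not part of r0nni3's post). It assumes the peer's network is 172.16.200.0/24 as in the vpnnat access-list, that the peer is also an ASA, and the names CRYPTO-L2L and OUTSIDE-MAP and the sequence number 10 are hypothetical placeholders for the tunnel's existing crypto ACL and crypto map.

```cisco
! ===== Local ASA (inside = 172.16.201.0/24), pre-8.3 NAT syntax as in the post =====
! Policy static NAT from the post: translate only when the destination is the peer network
access-list vpnnat permit ip 172.16.201.0 255.255.255.0 172.16.200.0 255.255.255.0
static (inside,outside) 192.168.1.0 access-list vpnnat
!
! NAT is applied before the crypto ACL is matched, so the interesting-traffic
! ACL must use the TRANSLATED source (192.168.1.0/24), not 172.16.201.0/24.
access-list CRYPTO-L2L extended permit ip 192.168.1.0 255.255.255.0 172.16.200.0 255.255.255.0
crypto map OUTSIDE-MAP 10 match address CRYPTO-L2L
!
! A NAT exemption (nat 0 access-list) covering 172.16.201.0/24 -> 172.16.200.0/24
! is evaluated before the policy static and would bypass it; remove that entry
! from the exemption ACL if one exists.

! ===== Peer ASA (inside = 172.16.200.0/24) =====
! Mirror image: the peer only ever sees 192.168.1.0/24 as the remote network.
access-list CRYPTO-L2L extended permit ip 172.16.200.0 255.255.255.0 192.168.1.0 255.255.255.0
crypto map OUTSIDE-MAP 10 match address CRYPTO-L2L

! ===== Verification on the local ASA =====
! Host addresses below are constructed samples.
packet-tracer input inside icmp 172.16.201.10 8 0 172.16.200.10
show xlate
show crypto ipsec sa
```

In the `show crypto ipsec sa` output, the local ident should list 192.168.1.0/255.255.255.0; if it still shows 172.16.201.0, the traffic is matching an exemption or the untranslated crypto ACL.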

Re: [HELP] Configure NAT-PAT on ASA 8 years 3 weeks ago #28119

  • pipos
Thanks for your response.
But the translation is one-to-one.

The problem is that ESP cannot support PAT over a VPN tunnel because it is a layer 3 protocol and doesn't have a specific field for a TCP/UDP port.

Best regards