I have an ASA that I'm leveraging as my VPN Device for L2L Tunnels as well as my internet gateway for user browsing. I need to NAT a particular IP address to a different IP address when going over the VPN tunnel to a particular partner. Also that partner will need to initiate connections to me, so essentially the NAT will need to work both ways.
Thinking back to the pre-8.4 days, I remember doing this with a policy NAT via an ACL, but I'm not sure whether that would have worked when connections are initiated from the outside.
How can I NAT an IP address to a particular IP when going over an L2L tunnel while maintaining the "overload" NAT when going out to the internet?
Edit: I think I came up with a config solution. What do you guys think?
! Local host on my inside
object network LOCAL
 host 10.1.1.1
! Local IP I will be NATing my local host to
object network XLATED-LOCAL
 host 192.168.1.1
! Host on the other end of the tunnel
object network XLATED-REMOTE
 host 172.16.1.1
! Manual (twice) NAT: static in both directions, with an identity translation
! of the remote host as the destination so it only applies to partner traffic
nat (inside,outside) source static LOCAL XLATED-LOCAL destination static XLATED-REMOTE XLATED-REMOTE
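The twice NAT above is the right construct: manual NAT lives in section 1 of the NAT table, so it is matched before any object (auto) NAT used for internet PAT, and because it is `static` the reverse flow from 172.16.1.1 to 192.168.1.1 is untranslated back to 10.1.1.1 without a second rule. Two things the post does not show are the internet PAT alongside it and the crypto ACL, which must reference the translated addresses because the ASA applies NAT before matching the crypto map. The configuration below is an added example for ASA 8.4(2) and later, not the poster's config; the object names from the post are reused, while INSIDE-NET, PARTNER-VPN, OUTSIDE-MAP, ESP-AES-SHA, the peer address 203.0.113.10 and the inside subnet are assumptions, and the IKE policy, tunnel-group and pre-shared key are left out.

```cisco
! Added example, not the original poster's config.  Assumed: inside subnet
! 10.1.1.0/24, peer 203.0.113.10, and the object/map names below.

object network LOCAL
 host 10.1.1.1
object network XLATED-LOCAL
 host 192.168.1.1
object network XLATED-REMOTE
 host 172.16.1.1

! Section 1 (manual NAT): evaluated first.  10.1.1.1 -> 172.16.1.1 leaves as
! 192.168.1.1; 172.16.1.1 -> 192.168.1.1 is untranslated to 10.1.1.1.
! no-proxy-arp stops the ASA answering ARP for 192.168.1.1 on the outside segment;
! route-lookup forces a routing decision instead of trusting the NAT interface pair.
nat (inside,outside) source static LOCAL XLATED-LOCAL destination static XLATED-REMOTE XLATED-REMOTE no-proxy-arp route-lookup

! Section 2 (object NAT): ordinary internet PAT to the outside interface address
! for everything that did not match section 1.
object network INSIDE-NET
 subnet 10.1.1.0 255.255.255.0
 nat (inside,outside) dynamic interface

! Crypto ACL uses the post-NAT addresses: NAT runs before the crypto map match.
access-list PARTNER-VPN extended permit ip object XLATED-LOCAL object XLATED-REMOTE

crypto ipsec ikev1 transform-set ESP-AES-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address PARTNER-VPN
crypto map OUTSIDE-MAP 10 set peer 203.0.113.10
crypto map OUTSIDE-MAP 10 set ikev1 transform-set ESP-AES-SHA
crypto map OUTSIDE-MAP interface outside
```

To confirm the rule is hit in both directions, `packet-tracer input inside tcp 10.1.1.1 12345 172.16.1.1 443` should show the NAT phase rewriting the source to 192.168.1.1 and the VPN phase encrypting, and `packet-tracer input outside tcp 172.16.1.1 12345 192.168.1.1 443` should untranslate the destination to 10.1.1.1; `show nat` then shows the translate hit counters climbing on the manual rule rather than on the PAT rule.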