Thursday, April 25, 2019

ASA Woes - NAT

This is an extension of the post yesterday, here:

https://www.reddit.com/r/networking/comments/bgirkd/vpn_site_to_site_tunnel_acl_woes/

While the tunnel itself is up, I found another fun problem. The remote network can ping my device, but there is zero response.

Here is a map with fake IPs:

<Host 10.10.10.1>--[Switch]--(CORE)--[Switch]--{ASA 10.20.1.0}--&Cloud&--{RemoteFirewall 10.30.1.0}--[Remote Network 172.16.1.0]

The portion that is currently functioning is marked bold. I think that what I am missing is a route from the host ip address to the ASA. I resolved the reverse. There is a route on the ASA to the host, and since there is a route on the core to the host, it works.

Problem: The remote network that I need to route to, exists on the local network. I am at a total loss as to what to do. I know that I need a route from the core to the ASA for my host to reach back, but that has nothing to do with my host.

Since the remote network, which we'll call 172.16.1.0, is on my network as well, I need a dummy. I assumed that meant using NAT somehow....?

On a FortiGate, you put a range, and then the mapped IP. I'm not sure how that carries over if you're trying to set it on the inside interface and not the outside.
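As an added illustration (not the author's configuration), this is how the overlapping-subnet case described above is usually handled on an ASA with twice NAT: the local host addresses the remote site through a dummy subnet, and the ASA rewrites the destination to the real 172.16.1.0/24 before the crypto map evaluates the packet. The dummy subnet 192.168.99.0/24, the ASA inside address 10.20.1.1, the local host network 10.10.10.0/24 and the object names are assumptions.

```cisco
! Added example, not the post's configuration. Assumed values:
! dummy subnet 192.168.99.0/24, ASA inside interface 10.20.1.1,
! local host network 10.10.10.0/24, real remote network 172.16.1.0/24.
object network LOCAL_LAN
 subnet 10.10.10.0 255.255.255.0
object network REMOTE_REAL
 subnet 172.16.1.0 255.255.255.0
object network REMOTE_DUMMY
 subnet 192.168.99.0 255.255.255.0
!
! Twice NAT (inside -> outside): keep the source unchanged, rewrite the
! destination from the dummy subnet to the real remote subnet.
! Syntax: source static <real> <mapped> destination static <mapped> <real>
nat (inside,outside) source static LOCAL_LAN LOCAL_LAN destination static REMOTE_DUMMY REMOTE_REAL
!
! The crypto ACL is matched against the post-NAT packet, so it names the
! real remote subnet, not the dummy one.
access-list VPN_TO_REMOTE extended permit ip 10.10.10.0 255.255.255.0 172.16.1.0 255.255.255.0
!
! Verify the translation and the crypto match from the ASA exec prompt:
! packet-tracer input inside icmp 10.10.10.1 8 0 192.168.99.10
!
! On the core (IOS syntax): send only the dummy subnet to the ASA inside
! interface; the local 172.16.1.0/24 route stays untouched.
ip route 192.168.99.0 255.255.255.0 10.20.1.1
```

If the remote firewall's own ranges also overlap with 10.10.10.0/24, the source side needs the same treatment: map LOCAL_LAN to a second dummy object instead of to itself, and have the remote side route that dummy back through the tunnel.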
