[c-nsp] ASA Site to Site VPN

Dave Lim dave.daturax at gmail.com
Thu Jul 12 05:27:43 EDT 2007


I have a site to site VPN requirement. My client was to NAT the private IP
add to an ip on the outside interface before it traverse via the ASA tunnel.

Site 1
ASA outside: 192.168.1.1/24
ASA inside: 10.171.1.1/24

Site 2
ASA outside: 172.16.1.1
ASA inside: 151.193.141.0/24

I have establised a site to site vpn tunnel for them and all packets are
able to traverse via the VPN tunnel. But they have a wierd requirement, they
want the ASA to NAT the inside network to the IP add of 192.168.1.2 before
it is being encapsulated via the IPsec tunnel.

This is so in site 2, the packets will be seen as a source ip add of
192.168.1.2 and not 10.171.1.1. They want to hide their private network ip
add range from site 2.

Is this technically possible?


More information about the cisco-nsp mailing list