[c-nsp] VPN with Static mapping - ASA5520
Mikisa Richard
rmikisa at gmail.com
Wed Feb 4 04:34:22 EST 2009
Hi all,
Scenario is the need to create a VPN tunnel to a remote site, but the
remote site requires that the machine (local host) they connect to have a
public IP. So I have set up a static mapping 10.101.25.25 -> 41.202.X.X.
The tunnel comes up but the connection to 10.101.25.25 fails. Conf
below. Point to note is that I have a working VPN tunnel to a different
remote site that uses local net as 10.101.25.0/24. Would the fact that I
am trying to use an IP from that range be the reason the connection fails?
!!
access-list acl-out extended permit ip any host 41.202.X.X
!!
access-list Inside_nat0_outbound extended permit ip host 41.202.X.X host 131.166.X.X
access-list Outside_80_cryptomap extended permit ip host 41.202.X.X host 131.166.X.X
!!
static (Inside,Outside) tcp 41.202.X.X ftp 10.101.25.25 ftp netmask 255.255.255.255
!!
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map Outside_map 80 match address Outside_80_cryptomap
crypto map Outside_map 80 set peer 131.166.X.Y
crypto map Outside_map 80 set transform-set ESP-3DES-SHA
crypto isakmp nat-traversal 30
tunnel-group 131.166.X.X type ipsec-l2l
tunnel-group 131.166.X.X ipsec-attributes
 pre-shared-key *
Regards
Richard