[c-nsp] NAt on cisco ASA 5505
Ryan West
rwest at zyedge.com
Mon Oct 15 09:46:39 EDT 2012
On Mon, Oct 15, 2012 at 09:22:38, Olivier CALVANO wrote:
>
> it's 8.0(3)
>
> 2012/10/15 Ryan West <rwest at zyedge.com>:
> > Is it 8.2 or 8.3+?
> >
> >>
> >> 192.168.10.0/24 in 192.168.235.0/24
> >>
> >> it's possible ?
> >>
> >> all request from 192.168.10.0 to a IP into the ipsec tunnel are
> >> changer in 192.168.235.x
Try this -
access-list policy-nat-192.168.235.0 extended permit ip 192.168.10.0 255.255.255.0 <remote_end_of_tunnel> 255.255.255.0
Static (inside,outside) 192.168.235.0 access-list policy-nat-192.168.235.0
For this to override other static NAT's, it needs to be at the top of list.
-ryan
More information about the cisco-nsp
mailing list