[c-nsp] IPsec VPN and Static NAT
Randy
randy_94108 at yahoo.com
Fri Jan 4 01:09:40 EST 2013
NAT happens *before* IPSEC.
--- On Thu, 1/3/13, Samol <molasian at gmail.com> wrote:
> From: Samol <molasian at gmail.com>
> Subject: [c-nsp] IPsec VPN and Static NAT
> To: "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net>
> Date: Thursday, January 3, 2013, 8:55 PM
> Hi All,
>
> I have topology like:
>
> LAN_A----->(RouterA)<------------>(ASA)<-----LAN_B
>
> Our requirements are :
>
> 1. IPsec VPN between the two sides
> 2. LAN_A goes to LAN_B will go thru VPN
> 3. On ASA, we want to have a Fake IP address(mapped IP eg.
> 192.168.55.0)
> that will map to LAN_B ( Traffic from LAN_A)
>
> I have configured all of that, but when i get VPN worked,
> and i put Static
> NAT on ASA to do the IP mapping, VPN doesn't work anymore.
> I'm wondering
> how ASA process the NAT and VPN interesting traffic. which
> one will ASA
> look first? example, when packet from LAN_B arrives on ASA,
> will it look at
> static NAT and then push that the translated IP address into
> VPN ? this
> confused me :(
>
> Please help!
>
> Regards,
> Sam
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list