[c-nsp] IPsec VPN and Static NAT

Samol molasian at gmail.com
Fri Jan 4 03:26:15 EST 2013


Thanks, I get it worked now :)

Regards,
Samol


2013/1/4 Randy <randy_94108 at yahoo.com>

> NAT happens *before* IPSEC.
>
> --- On Thu, 1/3/13, Samol <molasian at gmail.com> wrote:
>
> > From: Samol <molasian at gmail.com>
> > Subject: [c-nsp] IPsec VPN and Static NAT
> > To: "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net>
> > Date: Thursday, January 3, 2013, 8:55 PM
> > Hi All,
> >
> > I have topology like:
> >
> > LAN_A----->(RouterA)<------------>(ASA)<-----LAN_B
> >
> > Our requirements are :
> >
> > 1. IPsec VPN between the two sides
> > 2. LAN_A goes to LAN_B will go thru VPN
> > 3. On ASA, we want to have a Fake IP address(mapped IP eg.
> > 192.168.55.0)
> > that will map to LAN_B ( Traffic from LAN_A)
> >
> > I have configured all of that, but when i get VPN worked,
> > and i put Static
> > NAT on ASA to do the IP mapping, VPN doesn't work anymore.
> > I'm wondering
> > how ASA process the NAT and VPN interesting traffic. which
> > one will ASA
> > look first? example, when packet from LAN_B arrives on ASA,
> > will it look at
> > static NAT and then push that the translated IP address into
> > VPN ? this
> > confused me :(
> >
> > Please help!
> >
> > Regards,
> > Sam
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
>


More information about the cisco-nsp mailing list