[c-nsp] ASA Mapping Outside IP address to an address on a remote VPN?

Howard Leadmon howard at leadmon.net
Thu Jul 24 21:34:02 EDT 2014


I have someone with an ASA5510 that is still running on 8.2.2 code, and has
asked me an interesting question so I thought I would post and see if anyone
has any solution, as my google fu seems to have failed me on this one.

I have the following scenario in play:


  Internet <----> ASA5510 <----> VPN Remote Location


Let's say I have 207.114.24.10/24 on the internet facing side of the ASA,
and on the LAN side of the ASA I have 10.0.0.10/16.

OK, now let's say I have a VPN tunnel to the remote location, and over at
that location I have 192.168.0.50 on a server, with that being a /24 network
as well. This is a site to site VPN that is always up between two distant
locations.

I have been asked to take and use 207.114.24.50 on the Internet side of the
ASA5510 firewall, but to NAT it across so it is pointing at the 192.168.0.50
server. So if you telnet (or pick your desired port) in to the public
IP of 207.114.24.50, the firewall will map that across and connect you
to 192.168.0.50 over at the remote location.

I know mapping stuff just across to the internal LAN is simple, but I have
honestly never tried to take an outside IP address and map it across to a
server over a VPN at a remote location. Has anyone done this, and can you
give me some pointers if you have had any luck? I can push them up to 8.4
or even a 9.x release if needed, but at the moment the unit has 8.2.2
installed on it.

 Thanks for any help...


---
Howard Leadmon 




