Cisco ASA5505 VPN Tunnel Using Nat

I have been asked to set up a site-to-site VPN tunnel using IPSEC. Building the tunnel is not an issue for me. However, the folks at the remote site are requiring that we provide a public IP address for our local host, which they will be connecting to. I have searched the cisco.com site and have not found an easily explained solution. The remote site wants a configuration similar to the one below.

Remote Site VPN End Point: 1.1.1.1
Host IP Addresses at remote site: 2.2.2.1 and 2.2.2.2

Our site VPN End Point: 3.3.3.3
Local Host which will be tunneling traffic: They are requiring this to be a public IP. Currently we use RFC-1918 addresses, which means we will have to translate a public address to our private host addresses.

Can I simply set up a static NAT statement which translates the public address to our private address, as we are only using one host on our side? Then do I set "match address" to the public IP?

Thanks, Steve J

Reply to
Newbie72

Anybody got any suggestions?

Reply to
Newbie72

This is a lot easier than most people think. Just nat the inside to an external IP.

static (inside,outside) 4.4.4.4 3.3.3.3 netmask 255.255.255.255

And then when you configure the ACLs for the VPN use the 4.4.4.4 as the host on your side. And do not configure a NoNat ACL.

That's it.

Scott

Reply to
Scott Stokes
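
The pieces from the reply above put together, as an added example that is not part of the original posts (ASA pre-8.3 syntax, matching the `static` command in the reply). Assumptions: 10.0.0.10 stands in for the private inside host, which the thread does not give, and the ACL, transform-set and crypto map names are hypothetical.

```cisco
! Added example (constructed). 10.0.0.10 = assumed private inside host,
! 4.4.4.4 = public address presented to the peer, as in the reply above.
! VPN-REMOTE, NONAT, ESP-AES256-SHA and OUTSIDE-MAP are hypothetical names.

! 1. One-to-one static NAT: the inside host appears as 4.4.4.4 on the outside.
static (inside,outside) 4.4.4.4 10.0.0.10 netmask 255.255.255.255

! 2. The crypto ACL ("match address") is written against the translated
!    address, because NAT is applied before the crypto map is evaluated
!    on egress. The peer's ACL must be the mirror image of these lines.
access-list VPN-REMOTE extended permit ip host 4.4.4.4 host 2.2.2.1
access-list VPN-REMOTE extended permit ip host 4.4.4.4 host 2.2.2.2

! 3. No NAT exemption for this flow. If lines like the following exist,
!    they are processed before the static, the packet leaves with its
!    10.0.0.10 source, and it no longer matches VPN-REMOTE:
!      access-list NONAT extended permit ip host 10.0.0.10 host 2.2.2.1
!      nat (inside) 0 access-list NONAT

! 4. Bind the ACL to the tunnel toward the remote endpoint 1.1.1.1.
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address VPN-REMOTE
crypto map OUTSIDE-MAP 10 set peer 1.1.1.1
crypto map OUTSIDE-MAP 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP interface outside

! 5. Checks once traffic has been sent:
!      show xlate                          (static entry 10.0.0.10 <-> 4.4.4.4)
!      show crypto ipsec sa peer 1.1.1.1   (local ident should be 4.4.4.4)
```

If the security association shows the private address as the local ident, or never forms, look for a leftover NAT exemption entry covering this host first.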

I should have gone back and closed this thread. You are right though. It ended up being a lot easier than I thought.

I ran out of time and threw caution to the wind a week or 2 ago and did just as you suggested and it now works flawlessly. Thanks for the reply.

Reply to
Newbie72
