ASA 5510 and NAT to Site-to-Site

- R
- rossk
  
  Contact options for registered users
posted
14 years ago

Thu, May 1, 2008 4:15 AM

I have a site to site VPN set up. Going forward I would like to take the outside interface IP that is encrypted inside the packet to another IP. Basically there is a router in front of the ASA and it gets a number of 192.168.1.5 for example. When the ASA sends the packet over the VPN tunnel encrypted it of course says the source is

192.168.1.5. I basically want to change that number to represent the outside IP address. Is this possible? The IP header on the packet does show the static outside address just not the encrypted ip header field.

Loading thread data ...

- N
- News Reader
  
  Contact options for registered users
posted
14 years ago

Thu, May 1, 2008 1:21 PM

Encapsulation is what is being discussed, not encryption. Outside interface address of which device, the ASA or the router? You are referring to changing an inner (encapsulated) address here, but later refer to changing an outer (encapsulating) address.

"Of course" because the router uses NAT, or "of course" because the router is doing the encapsulation rather than the ASA?

This says you want to change an outer (encapsulating) address.

It would be best if you stated:

Which device is doing the encapsulation.

Are you using NAT, and if so, on which device.

Which ESP Mode is currently being used with your IPSec transform (Tunnel, Transport).

Are you using GRE.

Best Regards, News Reader

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.