ASA 5510 and NAT to Site-to-Site

I have a site-to-site VPN set up. Going forward, I would like to take the outside interface IP that is encrypted inside the packet to another IP. Basically, there is a router in front of the ASA and it gets a number of 192.168.1.5, for example. When the ASA sends the packet over the VPN tunnel encrypted, it of course says the source is 192.168.1.5. I basically want to change that number to represent the outside IP address. Is this possible? The IP header on the packet does show the static outside address, just not the encrypted IP header field.
rossk

Encapsulation is what is being discussed, not encryption. Outside interface address of which device, the ASA or the router? You are referring to changing an inner (encapsulated) address here, but later refer to changing an outer (encapsulating) address.

"Of course" because the router uses NAT, or "of course" because the router is doing the encapsulation rather than the ASA?

This says you want to change an outer (encapsulating) address.

It would be best if you stated:

  • Which device is doing the encapsulation.
  • Are you using NAT, and if so, on which device.
  • Which ESP Mode is currently being used with your IPSec transform (Tunnel, Transport).
  • Are you using GRE.

Best Regards, News Reader

