Cisco ASA - NAT'ing VPN traffic

Posted by DrStalker on Server Fault
Published on 2011-01-05T07:03:04Z Indexed on 2011/01/05 7:55 UTC

I have an IPsec VPN setup like this:

[Remote users]-[Remote ASA] <-VPN-> [My ASA]-[Subnet A]-[Router 2]-[Subnet B]

The VPN is set to handle traffic between [remote users] and [Subnet A]; it does not include [Subnet B]. Pretend the firewall rules for all routers are to permit everything.

Now I want to redirect traffic that comes over the VPN to a specific IP on [Subnet A] (192.168.1.102) to an IP on [Subnet B] (10.1.1.133).

If I add a rule on [My ASA] to NAT traffic to original IP 192.168.1.102 to new IP 10.1.1.133,

1) Will this affect the connections coming in over the VPN? (i.e., the VPN packets are unencrypted and then NAT is applied)

2) Will this work when the post-NAT target is on Subnet-B, which is not part of the VPN traffic selection?

© Server Fault or respective owner