Cisco ASA - NAT'ing VPN traffic
Posted by DrStalker on Server Fault
Published on 2011-01-05T07:03:04Z
I have an IPsec VPN setup like this:
[Remote users]-[Remote ASA] <-VPN-> [My ASA]-[Subnet A]-[Router 2]-[Subnet B]
The VPN is set to handle traffic between [remote users] and [Subnet A]; it does not include [Subnet B]. Pretend the firewall rules for all routers are to permit everything.
Now I want to redirect traffic that comes over the VPN to a specific IP on [Subnet A] (192.168.1.102) to an IP on [Subnet B] (10.1.1.133).
If I add a rule on [My ASA] to NAT traffic to original IP 192.168.1.102 to new IP 10.1.1.133:
1) Will this affect the connections coming in over the VPN? (i.e. the VPN packets are unencrypted and then NAT is applied)
2) Will this work when the post-NAT target is on [Subnet B], which is not part of the VPN traffic selection?