STEP 1:
access-list policy-nat-acl extended permit ip your-internal-ip 255.255.255.0 your-destinationIP 255.255.0.0
==
access-list COMPANYA extended permit ip host 207.108.219.254 10.30.4.0 255.255.255.128 == no need here.
access-list COMPANYA extended permit ip host 192.168.1.159 10.30.4.0 255.255.255.128 ***should be
Identify interesting traffic as source and destination needed to be natted on above ACL.
-------------------------------------------------------------
STEP 2:
static (inside,outside) xxx.xxx.xxx.xxx access-list policy-nat-acl ====
static (INSIDE,OUTSIDE) 207.108.219.250 192.168.1.159 netmask 255.255.255.255
static (INSIDE,OUTSIDE) 207.108.219.250 access-list COMPANYA ===should be this.***
Now static-nat your source-private to pbulic address in the "xxx.xxx.xxx.xxx" use the public ip range as you wish.
-------------------------------------------------------------
STEP3:
access-list outside_4_cryptomap extended permit ip xxx.xxx.xxx.xxx mask.mask.mask.mask 172.x.0.0 255.255.0.0
access-list COMPANYA extended permit ip host 207.108.219.254 10.30.4.0 255.255.255.128
in the crypto-acl above you could use network address itself plus its mask or an IP address along but be consistance with step 2, the remainging config is just like regular vpn tunnel setup.
No comments:
Post a Comment