IPsec, L2TP, Split tunneling, PPTP and all other VPN related posts.
access-list SiteB permit ip 10.128.0.0 255.128.0.0 Site A
nat (outside) 1 access-list SiteB outside
global (inside) 1 126.96.36.199 255.128.0.0
access-list SiteC permit ip 10.128.0.0 255.128.0.0 Site A
nat (outside) 2 access-list SiteC outside
global (inside) 2 188.8.131.52 255.128.0.0
Is this the problem that you
You cannot define inbound Policy NAT for both sites on Site A, since both come from the same source network to the same destination
The above configuration will translate Site B 10.128.0.0/9 to 184.108.40.206/9 when entering Site A, but it will overlap with the rule
for Site C.
For testing purpose to see if it works, you can define a portion of Site A for the VPN to Site B and another portion of Site A
for the tunnel to site C (so there won be overlapping and you can test if the Policy NAT works as intended).
I can test as you suggest, I just wasn sure where to start with the conflicting documentation Ive read.
What if I give my ASA another public IP and have SiteB terminate to one IP and SiteC terminate the a different IP? Would the configuration you provide still be valid and allow me to translate the same source addresses based on the different destination address?
Im so confused by Ciscos documentation. Ive read multiple documents numerous times and simply doesn clarfiy it in a way that is understandable to me. I passed my CCNA about 5 years ago and have been thrown into this current situation with the exit of our engieer. Im more of a Layer 2 guy and Ive had minimal exposure to VPN. I can throw together a site-to-site if I had to, Im just not sure how to deal with multiple customer VPNs with overlapping adddress.
Thank you for your help Federico.
I agree with you 100% unfortunately documentation sucks!
If you give the ASA a different public IP on another interface and terminate the other tunnel there, you can still
use the configuration of Policy NAT on Site A and it should work.
Give it a try and let us know if you need further help.
Appreciate the help Federico. I should have the config live within a week and will update this post with the results.