Screen OS

  • 1.  DIP for policy based vpn on untrust interface

    Posted 07-17-2010 17:32

    Hi All,

    I am setting up policy-based VPNs to a client of ours with a Cisco ASA device. They have multiple target subnets and require all traffic from my network to come from a predetermined IP range. Initially I set up a tunnel-based VPN with a numbered tunnel interface. This allowed me to put a DIP on the tunnel interface and translate IP addresses. I couldn't move forward with this method since the ScreenOS I use (5.4.0r12) doesn't support multiple proxy IDs on VPN setups, so I switched to multiple policy-based VPNs for each of the proxy IDs they gave me.

    This leads to an interesting problem. I cannot create a DIP on the untrust interface because there is no way for me to add a secondary IP.

    I need to find a way to put a DIP on another interface and then have that traffic go into the policy-based VPN after the IP address has been translated.

    Any help would be greatly appreciated. Also let me know if you need specific details like config snippets or error logs. THANKS!



  • 2.  RE: DIP for policy based vpn on untrust interface
    Best Answer

    Posted 07-17-2010 18:40

    I found the answer ... it can be done with extended IP enabled when creating the DIP.