VPN
Configuring a Site-to-Site VPN
Cisco ISA500 Series Integrated Security Appliances Administration Guide 346
8
NOTE: The VPN firewall rules that are automatically generated by the zone
access control settings will be added to the list of firewall rules with the
priority higher than default firewall rules, but lower than custom firewall rules.
•Apply NAT Policies: Click On to apply the NAT s ettings for both the local
network and the remote network communicating over the VPN tunnel. This
option is particularly useful in cases where both sides of a tunnel use either
the same or overlapping subnets.
-Translates Local Network: To translate the local network, select a
translated address object for the local network.
-Translates Remote Network: To translate the remote network, select a
translated address object for the remote network.
If the address object that you want is not in the list, choose Create a new
address to add a new address object or choose Create a new address
group to add a new address group object. To maintain the address or
address group objects, go to the Networking > Address Management page.
See Address Management, page175.
Figure 4 shows a networking example that simulates two merging
companies with the same IP addressing scheme. Two routers are connected
with a VPN tunnel, and the networks behind each router are the same. For
one site to access the hosts at the other site, Network Address Translation
(NAT) is used on the routers to change both the source and destination
addresses to different subnets.