NAT through site to site VPN on ASA 5510

Unanswered Question
Mar 9th, 2007

We just implemented a site to site tunnel with another network and now need to NAT addresses from our LAN through the tunnel. Not sure how to do this correctly, and without breaking anything else.

The internal network is The tunnel allows traffic between and I need to translate to to get to Is there a way to do this on the ASA? Or do I need a router in front of the ASA to NAT addresses? Currently is being NAT'd outbound to a global pool for internet traffic, and that needs to stay in place.


kaachary Fri, 03/09/2007 - 15:14

Create an ACL:

access-list policy_nat permit ip

Create a static NAT with policy:

static (inside,outside) access-list policy_nat

And your crypto ACL will look like:

access-list cry_acl permit ip

That would not affect any other tunnel or the Internet traffic.

*Please rate if helped.
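
The three steps in the reply above, written out in full as an added example that is not part of the original posts. It assumes pre-8.3 ASA syntax; every address is constructed for illustration (the thread's own addresses did not survive), and the crypto map name and sequence number are hypothetical.

```cisco
! Constructed addresses (not from the thread):
!   local LAN          10.1.1.0/24
!   translated range   192.168.50.0/24
!   remote network     172.16.20.0/24

! 1. Policy ACL: match LAN traffic only when it is headed for the remote network,
!    so Internet-bound traffic keeps using the existing global pool.
access-list policy_nat extended permit ip 10.1.1.0 255.255.255.0 172.16.20.0 255.255.255.0

! 2. Policy static NAT: the mapped network sits between the interface pair
!    and the access-list keyword.
static (inside,outside) 192.168.50.0 access-list policy_nat

! 3. Crypto ACL: match the translated source, because translation is applied
!    before the packet is checked against the crypto map.
access-list cry_acl extended permit ip 192.168.50.0 255.255.255.0 172.16.20.0 255.255.255.0

! Hypothetical crypto map name and sequence number.
crypto map outside_map 20 match address cry_acl

! Verification after sending test traffic from the LAN to the remote network:
! the xlate table should show the 10.1.1.x to 192.168.50.x mapping, and the
! IPsec SA should list 192.168.50.0/24 as the local identity.
show xlate
show crypto ipsec sa
```

If a `nat (inside) 0 access-list` exemption also matches this traffic, it is evaluated before the policy static and the packets leave untranslated, so the exemption ACL must not cover this source and destination pair. The remote peer's crypto ACL has to mirror the translated range, not the real LAN addresses.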


0rsnaric Mon, 03/26/2007 - 14:23

Hi Kanishka,

static (inside,outside) access-list policy_nat doesn't take. I get an error at policy_nat.

access-list policy_nat permit ip is okay.

Any suggestions?

