adding more than one global inside

Unanswered Question
Mar 27th, 2007
User Badges:
  • Silver, 250 points or more

We need to establish two site-to-site VPN sessions with different vendors. The problem is that each vendor is requesting us to use a specific IP range that they are providing to us and want us to statically NAT static (inside,outside) each worstation on our side that will connect to their network.

I am relunctant to do this because the config will become cumbersome but I might have to do it anyway.

This is the first time I have this type of request and was wondering if I can use global (inside) for each private network that we will connect to? Example is attached.

We also have some site-to-site VPNs that don't require this type of setting

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
bthibode Tue, 03/27/2007 - 17:34
User Badges:


The easiest way to get this done, in my opinion, would be to use the static command in your policy nat. Lets say that your internal network is and they want you to show up as We'll also say the remote network you're trying to reach is In that case, you would do something like this:

access-list policy_nat permit ip

static (inside,outside) access-list policy_nat

This will translate your network to the desired network only when you try to reach the remote network across the VPN.

Hope this helps!


Tshi M Wed, 03/28/2007 - 05:51
User Badges:
  • Silver, 250 points or more

I am a bit concerned using that since I already have an access-list nonat and aslo have nat (inside) 0 access-list nonat.

The current access-list nonat is used for the existing L-2-L that we have.

Tshi M Thu, 04/12/2007 - 09:41
User Badges:
  • Silver, 250 points or more

This posting was helpful since it leads me to my solution. However, the goal was to do a one on one static nat translation.



This Discussion