ASA VPN - NAT Peer network

Oct 13th, 2007

We have a requirement to NAT every site-to-site VPN host into a specific range of IPs. For example, a remote host is, we need to NAT this on our ASA to through to the destination network.. This needs to be a 1-to-1 static NAT for inbound and outbound communication to our network. Does this only require a static (inside,outside) along with static (outside,inside) or is there more that is needed? Any help is greatly appreciated.

thefindjack Mon, 10/15/2007 - 11:05

You will have to do a static translation for each one or you can use a nat-pool. Static (inside,outside) works both ways, there is no need for the (outside,inside) you are referring to.

Please rate if this is helpful. Thanks

You can also do a policy static for this. This allows you to statically xlate to a specific IP for certain traffic then use a NAT/Global pair for everything else.


access-list pnat extended permit ip host host

static (inside,outside) access-list pnat

nat (inside) 1 0 0

global (outside) 1 interface
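
The policy static described in the reply above, written out with addresses as an added example (not part of the original posts). Every address and the ACL name vpn-crypto are constructed for illustration, and the syntax assumes the pre-8.3 ASA NAT commands used in this thread.

```cisco
! Added example. All addresses are constructed (RFC 1918 / RFC 5737 ranges).
!
!   Real inside host:       10.10.10.5
!   Translated address:     192.0.2.5   (used only toward the VPN peer host)
!   Remote VPN peer host:   198.51.100.20

! 1. Policy-NAT ACL: source is the real inside host, destination is the
!    remote peer host. Only traffic matching this pair is translated.
access-list pnat extended permit ip host 10.10.10.5 host 198.51.100.20

! 2. Policy static: traffic matching pnat is translated 1-to-1 to 192.0.2.5.
!    The static is bidirectional, so the peer host can also open
!    connections to 192.0.2.5 and reach 10.10.10.5.
static (inside,outside) 192.0.2.5 access-list pnat

! 3. Everything else from the inside is PATed to the outside interface.
nat (inside) 1 0 0
global (outside) 1 interface

! 4. Crypto ACL (hypothetical name vpn-crypto): NAT is applied before the
!    tunnel's interesting-traffic check, so this ACL must match the
!    translated address 192.0.2.5, not the real address 10.10.10.5.
access-list vpn-crypto extended permit ip host 192.0.2.5 host 198.51.100.20
```

After applying it, `show xlate` should list the 10.10.10.5 to 192.0.2.5 translation, and `show crypto ipsec sa` should show the security association built on the translated address.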


