Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
305
Views
0
Helpful
2
Replies

ASA VPN - NAT Peer network

cbaysystems
Level 1
Level 1

‎10-13-2007 05:54 PM - edited ‎03-11-2019 04:25 AM

We have a requirement to NAT every site-to-site VPN host into a specific range of IPs. For example, A remote host is 10.1.1.200, we need to NAT this on our ASA to 172.24.202.1 through to the destination network.. This needs to be a 1-to-1 static nat for inbound and outbound communication to our network. Does this only require a static (inside,outside) along with static (outside,inside) or is there more that is needed? Any help is greatly appreciated.

Labels:
0 Helpful
2 Replies 2

thefindjack
Level 1
Level 1

‎10-15-2007 11:05 AM

You will have to do a static translation for each one or you can use a nat-pool. Static (inside,outside) works both ways, there is no need for the (outside,inside) you are refering to.

Please rate if this is helpful. Thanks

0 Helpful

jwalker
Level 3
Level 3

‎10-15-2007 02:01 PM

You can also do a policy static for this. This allows you to statically xlate to a specific IP for certain traffic then use a NAT/Global pair for everything else.

Example:

access-list pnat extended permit ip host 192.168.1.1 host 172.16.1.1

static (inside,outside) 10.1.1.1 access-list pnat

nat (inside) 1 0 0

global (outside) 1 interface

Jay

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card