NAT on VPN Tunnel Traffic

Unanswered Question
Oct 1st, 2008
User Badges:

We have created a new VPN tunnel to a 3rd party site and must NAT the traffic. We already have VPN tunnels terminating on our ASA. I've listed below relevant parts of the configuration.

nat (inside) 0 access-list INSIDE_NAT0_OUTBOUND

nat (inside) 1 access-list INSIDE_NAT1_OUTBOUND

nat (inside) 2

access-list INSIDE_NAT0_OUTBOUND extended permit ip

access-list INSIDE_NAT1_OUTBOUND extended permit ip

access-list INSIDE_NAT1_OUTBOUND extended permit ip

global (outside) 1

global (outside) 2 interface

The access list assigned to the VPN is:

access-list 3rd-party-vpn extended permit ip

Basically, we want traffic from our 10.x.x.x and 172.28.x.x networks destined for to be translated to We have managed to establish a tunnel, but are unable to connect to resources on the 3rd party site.

Any suggestions on where I have gone wrong?

Many thanks


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
singhsaju Wed, 10/01/2008 - 05:18
User Badges:
  • Silver, 250 points or more

Can you post output of "show crypto ipsec sa" for us?



Pls rate helpful posts


This Discussion