Creata a NAT

Unanswered Question
Oct 14th, 2008


I have an IP address that I need to NAT on my Cisco ASA 5520.

I have a VPN to another company and I need to allow this IP through this VPN tunnel but it clashes with an IP at there end.

I need to NAT which is on the instide interface of my ASA to on the outside interface where the VPN is located.

How can I do this?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
whiteford Tue, 10/14/2008 - 06:11

Hi Andrew,

To make it simple for me could I just add a static NAT from to

If so would this be inside to outside? They need to be able to ping

whiteford Wed, 10/15/2008 - 00:48

You are right Andrew, I need to get this to work as I don't want this to be "NAT'ed" everywhere.

I have a VPN where sits (ASA VPN so Outside?), (my inside) needs to ping this, however is already used by this company where the VPN is, we agreed to use

That web link looks quite advances, can you add the example you would use?


You need to configure the below:-

access-list policy-vpn-nat extended permit ip host host (Source of to destination = true)

access-list crypto-vpn extended permit ip host host (once the above access-list has been hit, the NAT will take place, then the source of to desintation is valid for the VPN)

static (inside,outside) access-list policy-vpn-nat (NAT the source IP of to - based on the acl policy-vpn-nat)

The remote end muct have the same encryption domain for hthe VPN to establish.


whiteford Thu, 10/16/2008 - 07:46


I will copy this into my ASA config and let you know.



This Discussion