L2L IPsec VPN with Policy NAT

Unanswered Question
Nov 13th, 2008
Hello All,


I am having an issue with L2L IPsec with policy NAT. I cannot ping any host on both sides of the tunnel. The tunnel is established with no problem, but there is no traffic going through. If I take off the policy NAT, everything works fine. How can I make it work with policy NAT? I've attached the configuration for both ASAs. Attachment file name - bothASAconfig.txt.


Please help!


Thanks,





acomiskey Thu, 11/13/2008 - 11:36

When you add the policy NAT you need to remove the NAT exemption. NAT exemption always happens first, so as long as it's there, your policy NAT won't happen.


no access-list inside_nat_exempt extended permit ip 10.1.0.0 255.255.255.0 10.198.0.0 255.255.255.0
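
The NAT ordering described in the reply above, as an added configuration sketch that is not part of the original thread or the attached bothASAconfig.txt. It assumes pre-8.3 ASA syntax; the ACL names policy_nat and crypto_acl, the crypto map name outside_map, the mapped range 192.168.100.0/24 and the test host addresses are hypothetical.

```cisco
! Constructed example. Only inside_nat_exempt and the 10.1.0.0/24 and
! 10.198.0.0/24 networks come from the thread; everything else is assumed.
!
! --- Before: NAT exemption and policy NAT match the same flow ---
access-list inside_nat_exempt extended permit ip 10.1.0.0 255.255.255.0 10.198.0.0 255.255.255.0
nat (inside) 0 access-list inside_nat_exempt
!
! Policy NAT intended for tunnel traffic (hypothetical mapped range)
access-list policy_nat extended permit ip 10.1.0.0 255.255.255.0 10.198.0.0 255.255.255.0
static (inside,outside) 192.168.100.0 access-list policy_nat
!
! Crypto ACL written against the translated source address
access-list crypto_acl extended permit ip 192.168.100.0 255.255.255.0 10.198.0.0 255.255.255.0
crypto map outside_map 1 match address crypto_acl
!
! Result: nat 0 is evaluated first, so packets keep source 10.1.0.x,
! the policy static is never applied and crypto_acl never matches.
!
! --- After: remove the overlapping exemption entry (command from the reply) ---
no access-list inside_nat_exempt extended permit ip 10.1.0.0 255.255.255.0 10.198.0.0 255.255.255.0
!
! --- Verify that the flow is now translated and encrypted ---
! The NAT phase should show the policy static, followed by a VPN encrypt phase
packet-tracer input inside icmp 10.1.0.10 8 0 10.198.0.10 detailed
show xlate
! Encaps/decaps counters should increase while pinging across the tunnel
show crypto ipsec sa
```

The peer ASA has to list the translated range (192.168.100.0/24 in this sketch) as the remote network in its own crypto ACL, otherwise the proxy identities on the two sides will not match.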
