Solved: NAT incoming VPN Tunnel

TJ Kelly · ‎12-08-2008

I have a new vpn tunnel that I would like to NAT to the internal network address space. The new tunnel is coming from 172.31.17.0 and the existing LAN on the ASA is 172.31.16.0 Is there a good solution to make the incoming tunnel hav a source address from the 172.31.16.0 network to access other resources?

Jon Marshall · ‎12-08-2008

Tom

Assuming it is a site-to-site VPN and assuming a spare IP address of 172.31.16.10

nat (outside) 2 172.31.17.0 255.255.255.0 outside

global (inside) 2 172.31.16.10

OR if you want to use the interface address

global (inside) 2 interface

Note i have used a nat-id of 2 in the example, just use a nat-id that is unused.

Jon

View solution in original post

Jon Marshall · ‎12-08-2008

Tom

Is this a site-to-site VPN tunnel ?

Do you have a spare IP address in the 172.31.16.x subnet or do you want to use the inside interface address on the ASA ?

Jon

TJ Kelly · ‎12-08-2008

Jon,

I could use either. The interface is 172.31.16.1 or I could utilize an open IP on the inside.

Tom

Jon Marshall · ‎12-08-2008

Tom