Site-to-Site VPN same private LAN's How to Nat

Dec 22nd, 2008

I'm migrating a Netscreen 10 config to an ASA 5510.

I'm trying to understand NAT across the tunnel.

LAN on both sides has /24

Currently, I have several tunnels that NAT networks and hosts to . I would like to understand how to properly NAT the tunnel traffic in the same manner using the ASA.

I've looked at documentation but it seems confusing.

Does anyone have a simple CLI config or ASDM example that may provide a working config I can play with?

inside /24

outside /24

dmz /24

NAT address for networks and hosts.


Can I use the same NAT for multiple tunnels?


JORGE RODRIGUEZ Mon, 12/22/2008 - 12:38

Hi John,

I don't know if you have seen this link; if not, take a look at it. In PIX/ASA you can accomplish the same. I do not know how NetScreen processes NAT, so I cannot comment on it, but I am sure it is probably the same principle. In your scenario you have several tunnels and have a tunnel at the other end with the same network as yours. You can use Policy NAT, as this is how you can NAT overlapping networks. Policy NAT can be used in many other ways based on various requirements ... overlapping networks in L2L VPNs is one of them.

I don't see why you could not use the same NAT network for any other tunnels; it would be a matter of working with the crypto ACLs and policy NAT access list.

There is another link on NAT functionality I cannot locate now but I will provide it as soon as I find it.
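
Added example, not part of either post and not taken from Cisco documentation: a sketch of static policy NAT for an overlapping-subnet L2L tunnel in the pre-8.3 ASA syntax current when this thread was written. All addresses, ACL names and the crypto map name are constructed for illustration, IKE phase 1 policy is omitted, and the far end is assumed to translate its own LAN in the same way.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   local inside LAN, real addresses      192.168.1.0/24
!   local LAN as presented to VPN peers   10.10.1.0/24
!   site B LAN as presented by site B     10.10.2.0/24
!   site C LAN as presented by site C     10.10.3.0/24
!   site B peer 203.0.113.2, site C peer 203.0.113.3
!
! Policy NAT ACL: real source, destination as this ASA sees it.
! One ACE per remote site lets several tunnels share one NAT network.
access-list POLICY-NAT-VPN extended permit ip 192.168.1.0 255.255.255.0 10.10.2.0 255.255.255.0
access-list POLICY-NAT-VPN extended permit ip 192.168.1.0 255.255.255.0 10.10.3.0 255.255.255.0
!
! Static policy NAT: 192.168.1.x <-> 10.10.1.x, only for ACL matches.
! Traffic to other destinations keeps its normal nat/global handling.
static (inside,outside) 10.10.1.0 access-list POLICY-NAT-VPN
!
! Crypto ACLs use the translated source, because NAT is applied
! before the crypto map is evaluated. Keep them as narrow as the
! NAT ACL so nothing untranslated is selected for the tunnel.
access-list CRYPTO-SITE-B extended permit ip 10.10.1.0 255.255.255.0 10.10.2.0 255.255.255.0
access-list CRYPTO-SITE-C extended permit ip 10.10.1.0 255.255.255.0 10.10.3.0 255.255.255.0
!
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
!
crypto map OUTSIDE-MAP 10 match address CRYPTO-SITE-B
crypto map OUTSIDE-MAP 10 set peer 203.0.113.2
crypto map OUTSIDE-MAP 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP 20 match address CRYPTO-SITE-C
crypto map OUTSIDE-MAP 20 set peer 203.0.113.3
crypto map OUTSIDE-MAP 20 set transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP interface outside
!
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 pre-shared-key <PLACEHOLDER-SITE-B>
tunnel-group 203.0.113.3 type ipsec-l2l
tunnel-group 203.0.113.3 ipsec-attributes
 pre-shared-key <PLACEHOLDER-SITE-C>
```

Check that no `nat (inside) 0 access-list` exemption also matches this traffic, since NAT exemption would take precedence over the policy static. `show xlate`, `show crypto ipsec sa` and `packet-tracer` confirm the translation and which crypto ACL entry a flow hits.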