Static Policy NAT for a VPN

Unanswered Question
Jun 9th, 2009

I think I have this configured properly, but wanted to verify. I need to have certain hosts NATed through a VPN tunnel (we have overlapping internal space between us). I want to verify what should be the translated interface. I configured it as the "outside" interface which I believe is what I want for VPNs. Is this correct?

Example: -> (Inside) ASA (Outside) -> -> Into Tunnel <- Customer's Side

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Tue, 06/09/2009 - 12:25


It can be any address you choose as long as that address is routed to you. For a site-to-site VPN you could just use a private address that is not in use by the third party.

But in answer to your specific question, yes the outside interface address is as good as any.



This Discussion