cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
275
Views
0
Helpful
1
Replies

Static Policy NAT for a VPN

jim_berlow
Level 3
Level 3

I think I have this configured properly, but wanted to verify. I need to have certain hosts NATed through a VPN tunnel (we have overlapping internal space between us). I want to verify what should be the translated interface. I configured it as the "outside" interface which I believe is what I want for VPNs. Is this correct?

Example:

10.1.1.1 -> (Inside) ASA (Outside) -> 1.2.3.4 -> Into Tunnel <- Customer's Side

1 Reply 1

Jon Marshall
Hall of Fame
Hall of Fame

Jim

It can be any address you choose as long as that address is routed to you. For a site-to-site VPN you could just use a private address that is not in use by the third party.

But in answer to your specific question, yes the outside interface address is as good as any.

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: