NAT through the IPsec tunnel

Unanswered Question
Jul 26th, 2009
User Badges:

Hi All,

I need to establish an IPsec Lan-to-LAN tunnel between an ASA and a Cisco router.

I also need to NAT both LANs on both sides when the traffic goes through the tunnel.

I know how to do ''Policy NAT'' on the ASA, so that you can define with an ACL and with a NAT/GlOBAL or STATIC command you can define the policy, and then the CRYPTO ACL defines the traffic from the translated addresses...

My question is on the Router side...

How do I do Policy NAT on the router?

I have tried creating a pool of addresses for the INSIDE LAN but I'm having some problems.


Can I establish the tunnel from either side (ASA or Router)? I ask this because if there's no translation established, I cannot communicate with the device on the other end...

Whay I want to accomplish is to be able to NAT on both sides (ASA & Routers) and be able to establish the tunnel from either side... Is this possible and how?

Thank you!!


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
fedecotof Mon, 07/27/2009 - 11:45
User Badges:

Can somebody help me with this?

Basically I need to know how to implement Policy NAT in the Router side to NAT the inside network to another range and know how to be able to establish the IPsec tunnel from either side.

Thank you.



This Discussion