Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
363
Views
0
Helpful
1
Replies

Hairpin with NAT (PAT)

dylan.ebner
Level 1
Level 1

‎09-10-2009 07:35 AM - edited ‎02-21-2020 03:40 AM

I have a L2L tunnel setup with a customer where we access a web based application. To get to the app, we PAT the traffic from our inside interface before sending it to them. I need to extend access to users who are sitting at another site on another L2L tunnel. How can I accomplish this?

0 Helpful
1 Reply 1

acomiskey
Level 10
Level 10

‎09-10-2009 10:15 AM

= users on other l2l tunnel needing access to web host

same-security-traffic permit intra-interface

global (outside) 1 interface

nat (outside) 1

Make sure the web host they are accessing is part of the crytpo acl for the l2l tunnel on the local end.

access-list crypto extended permit ip host

and a mirror image on the far end.

access-list crpyto extended permit ip host

and also nat 0 for the far end...

access-list nat0 extended permit ip host

nat (inside) 0 access-list nat0

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card