Cannot access static nat addresse over vpn.

Answered Question
Sep 9th, 2010
User Badges:

I have an asa5510 where i have

a static nat from one interface to another.


i also have a VPN connection to the asa..


From the other side of the vpn connection, i cannot acces this Static nat.


192.168.170.x is the vpn network.

Is it not possible to access static nats over vpn?


object-group network DM_INLINE_NETWORK_16
network-object 192.168.0.0 255.255.255.0
network-object vxtron 255.255.255.0
network-object dmz_zone 255.255.255.0
network-object 192.168.170.0 255.255.255.0

access-list MPLS_nat0_outbound extended deny ip host 172.26.1.5 any

access-list MPLS_nat0_outbound extended permit ip 172.26.0.0 255.255.252.0 object-group DM_INLINE_NETWORK_16

access-list pnat1 extended permit ip host 172.26.1.5 any

static (MPLS,Inside) 192.168.0.199  access-list pnat1

nat (MPLS) 0 access-list MPLS_nat0_outbound
nat (MPLS) 1 172.26.0.0 255.255.252.0
static (MPLS,Inside) 172.26.1.5  access-list MPLS_nat_static

Correct Answer by hdashnau about 6 years 10 months ago

Rene, Glad you figured this one out on your own! If you could, please mark the post as resolved so we know it doesnt need further attention

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
ReneRasmussen Thu, 09/09/2010 - 00:20
User Badges:

Ahh think i found the error.

i need a

static (MPLS,Outside) 172.26.1.5  access-list MPLS_nat_static_1

for each interface i want to access the nat from..


Learning something new each day.:)

Correct Answer
hdashnau Thu, 09/09/2010 - 05:59
User Badges:
  • Cisco Employee,

Rene, Glad you figured this one out on your own! If you could, please mark the post as resolved so we know it doesnt need further attention

Actions

This Discussion