vpn between asa and cisco 877 router

Apr 27th, 2012
I am trying to set up a VPN between an ASA and a Cisco 877 router (in the past I have set up between ASA and ASA, PIX and PIX, but not between ASA and router).

I am confused by the nonat concept on a Cisco router (for VPN). I mean, why do you need a route-map and deny the traffic? Could you throw some light on this?

cisco link



Marcin Latosiewicz (Cisco Employee) Fri, 04/27/2012 - 09:51

Same as on ASA/PIX: NAT is performed before encryption and after decryption.

How you define traffic not to hit NAT (or to hit it) is up to you: routing (VTI/GRE interface), access-list or route-map.

There is no concept of "no nat" on IOS routers.


ROBERTO TACCON Fri, 04/27/2012 - 10:02
ip nat inside source route-map nonat interface FastEthernet0 overload


access-list 110 deny ip

access-list 110 permit ip any


route-map nonat permit 10

match ip address 110


or better (if you have for example the IP public


ip nat pool prefix-length 30


ip nat inside source list nat-to-internet pool overload


ip access-list extended nat-to-internet

deny   ip

permit ip any

deny   ip any any
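
Added example, not part of the original thread: a small Python model of the order of operations described above (NAT before encryption), showing why ACL 110 needs the deny entry for VPN traffic. The subnets, the public address and the crypto ACL are constructed assumptions, since the thread's own addresses are not shown.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (assumption; the thread's real addresses are not shown).
LAN = ip_network("192.168.1.0/24")     # inside network behind the 877
REMOTE = ip_network("192.168.2.0/24")  # network behind the ASA
PUBLIC = ip_address("203.0.113.1")     # 877 outside interface address
ANY = ip_network("0.0.0.0/0")

# Assumed crypto ACL: only LAN -> REMOTE is "interesting" traffic for the tunnel.
CRYPTO_ACL = [("permit", LAN, REMOTE)]
# ACL 110 as posted (deny VPN traffic, permit the rest), and a variant without the deny.
NAT_ACL_WITH_DENY = [("deny", LAN, REMOTE), ("permit", LAN, ANY)]
NAT_ACL_NO_DENY = [("permit", LAN, ANY)]


def first_match(acl, src, dst):
    """Return the action of the first matching entry; ACLs end in an implicit deny."""
    for action, src_net, dst_net in acl:
        if src in src_net and dst in dst_net:
            return action
    return "deny"


def forward(src, dst, nat_acl):
    """Model inside-to-outside processing: NAT first, then the crypto ACL check."""
    src, dst = ip_address(src), ip_address(dst)
    # route-map "permit 10" + "match ip address 110": an ACL permit means translate,
    # an ACL deny means the packet does not match the route-map and is left alone.
    if first_match(nat_acl, src, dst) == "permit":
        src = PUBLIC  # "overload" translates to the interface address
    # The crypto ACL is evaluated against the packet as it looks after NAT.
    encrypted = first_match(CRYPTO_ACL, src, dst) == "permit"
    return str(src), "encrypted" if encrypted else "cleartext"


if __name__ == "__main__":
    cases = [
        ("VPN traffic, ACL with deny", "192.168.2.20", NAT_ACL_WITH_DENY),
        ("VPN traffic, ACL without deny", "192.168.2.20", NAT_ACL_NO_DENY),
        ("Internet traffic, ACL with deny", "198.51.100.7", NAT_ACL_WITH_DENY),
    ]
    for label, dst, acl in cases:
        print(label, "->", forward("192.168.1.10", dst, acl))
```

Without the deny entry the source is rewritten to the public address before the crypto check, so the packet no longer matches the tunnel's traffic selector and leaves unencrypted.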


Network Pro Sat, 04/28/2012 - 05:50

Hi, thanks for this.

What does this line do?

ip nat inside source route-map nonat interface FastEthernet0 overload
