Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA VPN - NAT Peer network

We have a requirement to NAT every site-to-site VPN host into a specific range of IPs. For example, A remote host is 10.1.1.200, we need to NAT this on our ASA to 172.24.202.1 through to the destination network.. This needs to be a 1-to-1 static nat for inbound and outbound communication to our network. Does this only require a static (inside,outside) along with static (outside,inside) or is there more that is needed? Any help is greatly appreciated.

2 REPLIES
New Member

Re: ASA VPN - NAT Peer network

You will have to do a static translation for each one or you can use a nat-pool. Static (inside,outside) works both ways, there is no need for the (outside,inside) you are refering to.

Please rate if this is helpful. Thanks

Silver

Re: ASA VPN - NAT Peer network

You can also do a policy static for this. This allows you to statically xlate to a specific IP for certain traffic then use a NAT/Global pair for everything else.

Example:

access-list pnat extended permit ip host 192.168.1.1 host 172.16.1.1

static (inside,outside) 10.1.1.1 access-list pnat

nat (inside) 1 0 0

global (outside) 1 interface

Jay

119
Views
0
Helpful
2
Replies