Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

can I NAT only VPN tunnel traffic

Hello All,

I have a HQ with few hosts (10.1.1.x) which need to communicate to Remote office's hosts via VPN tunnel and servers via normal routing. Due to some limitation, we need HQ hosts to appear as from 20.1.1.x network for the RO which can be done easily by NATting. However, due to the same limitation, once HQ host need to reach a server outside, an original 10.1.1.x address should appear. Can I configure NAT to be used for VPN tunnels only on ASA (5512)?

Thanks

Everyone's tags (2)
1 REPLY
VIP Green

can I NAT only VPN tunnel traffic

You need to configure policy NAT for the VPN traffic.  The NAT commands vary depending on which version ASA you are running. 

This link provides a good example between pre 8.3 and post 8.3 NAT configurations.

https://supportforums.cisco.com/docs/DOC-9129

Let me know if you require any further clarification.

--
Please remember to rate and select a correct answer

--

Please remember to rate and select a correct answer
192
Views
0
Helpful
1
Replies
CreatePlease login to create content