Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Creata a NAT

Hi,

I have an IP address that I need to NAT on my Cisco ASA 5520.

I have a VPN to another company and I need to allow this IP through this VPN tunnel but it clashes with an IP at there end.

I need to NAT 192.168.21.19 which is on the instide interface of my ASA to 172.30.0.19 on the outside interface where the VPN is located.

How can I do this?

Thanks

6 REPLIES

Re: Creata a NAT

New Member

Re: Creata a NAT

Hi Andrew,

To make it simple for me could I just add a static NAT from 192.168.21.19 to 172.30.0.19?

If so would this be inside to outside? They need to be able to ping 172.30.0.19.

Re: Creata a NAT

Yes you could - but then it would mean that NAT from 192.168.21.19 to 172.30.0.19 would be ALL the time.

with policy based NAT - it's based on an ACL, so source & destination have to match BEFORE the NAT takes place.

HTH>

New Member

Re: Creata a NAT

You are right Andrew, I need to get this to work as I don't want this to be "NAT'ed" everywhere.

I have a VPN where 10.10.10.14 sits (ASA VPN so Outside?), 192.168.21.19 (my inside) needs to ping this, however 192.168.21.19 is already used by this company where the VPN is, we agreed to use 172.30.0.19.

That web link looks quite advances, can you add the example you would use?

Re: Creata a NAT

Andy,

You need to configure the below:-

access-list policy-vpn-nat extended permit ip host 192.168.21.19 host 10.10.10.14 (Source of 192.168.21.19 to destination 10.10.10.14 = true)

access-list crypto-vpn extended permit ip host 172.30.0.19 host 10.10.10.14 (once the above access-list has been hit, the NAT will take place, then the source of 172.30.0.19 to desintation 10.10.10.14 is valid for the VPN)

static (inside,outside) 172.30.0.19 access-list policy-vpn-nat (NAT the source IP of 192.168.21.19 to 172.30.0.19 - based on the acl policy-vpn-nat)

The remote end muct have the same encryption domain for hthe VPN to establish.

HTH>

New Member

Re: Creata a NAT

Hi,

I will copy this into my ASA config and let you know.

Thanks

139
Views
5
Helpful
6
Replies
CreatePlease to create content