12-27-2006 11:41 AM - edited 03-11-2019 02:13 AM
I have a requirement to allow 11 internal hosts to access an FTP server through a site-to-site VPN tunnel. The other side wants to see a public IP address that is not the peer address (outside interface). I've been unable to make a NAT that will translate multiple IPs to a single outside address. Is this possible on an ASA5520, and if so can you point me in the right direction?
12-27-2006 01:30 PM
You will need to use policy NAT, probably with an ACL. This link should help.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800b6e1a.shtml
01-09-2007 04:04 PM
Thank you. This document was also very informative.
12-27-2006 03:41 PM
Hi, you need to use PAT with an access-list,
i.e.
nat (inside) 10 access-list FTP_Access
access-list FTP_Access extended permit tcp
global (outside) 10
You also need to make sure you allow that access on any access list applied to the inside interface. Now, I am not sure whether you will be able to get this traffic through the VPN tunnel.
I hope it helps. Please rate it if it does!
01-09-2007 04:01 PM
Thank you. That's just what I needed.
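The policy PAT approach from the answers above, written out in full as an added example (not configuration posted by anyone in the thread), in the pre-8.3 ASA syntax the thread uses. All addresses are constructed documentation values, and the names FTP_CLIENTS, VPN_TO_PARTNER and OUTSIDE_MAP and the crypto map sequence number 20 are hypothetical. It also shows the crypto ACL matching the translated address, which is what lets the PAT'd traffic enter the tunnel.

```cisco
! Constructed sample values (not from the thread):
!   inside FTP clients  10.1.1.11-13 (add the remaining hosts the same way)
!   PAT address         203.0.113.50 (public, not the outside interface / peer IP)
!   remote FTP server   198.51.100.20
!
object-group network FTP_CLIENTS
 network-object host 10.1.1.11
 network-object host 10.1.1.12
 network-object host 10.1.1.13
!
! Policy NAT ACL: only these clients, and only when talking to the partner's
! FTP server, are translated. All TCP is matched so FTP data channels are
! translated the same way as the control channel.
access-list FTP_Access extended permit tcp object-group FTP_CLIENTS host 198.51.100.20
!
! Many-to-one PAT: every flow matched by FTP_Access leaves as 203.0.113.50.
nat (inside) 10 access-list FTP_Access
global (outside) 10 203.0.113.50
!
! Keep this flow out of any "nat (inside) 0 access-list ..." exemption.
! NAT exemption is evaluated before policy NAT and would send the real
! inside addresses into the tunnel instead.
!
! Crypto ACL: the ASA translates before it checks the crypto map, so the
! interesting-traffic ACL must name the translated source address. The
! partner's side mirrors this entry.
access-list VPN_TO_PARTNER extended permit ip host 203.0.113.50 host 198.51.100.20
crypto map OUTSIDE_MAP 20 match address VPN_TO_PARTNER
!
! Checks after a test FTP session from one of the clients:
!   show xlate             (expect PAT entries to 203.0.113.50)
!   show crypto ipsec sa   (expect the SA between 203.0.113.50 and
!                           198.51.100.20 with encaps/decaps counters rising)
```

Scoping both ACLs to the single PAT address and the single FTP server keeps the tunnel from carrying any other inside traffic and gives the partner one source address to filter on.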