Cisco Support Community
Community Member

SOURCE NAT FOR SITE TO SITE VPN

We have a VPN between two sites. All traffic (priv. sub - priv. sub) is not NATted. However, I want to be able to source NAT all traffic destined for a specific server and port. Can this be done?

1 REPLY
Hall of Fame Super Blue

Re: SOURCE NAT FOR SITE TO SITE VPN

Hi

Yes, use policy NAT, e.g.

Assuming TCP and that you are translating the source IP addresses to 192.168.5.10:

access-list pnat permit tcp any host "ip address" eq "tcp port"

nat (inside) 2 access-list pnat

global (outside) 2 192.168.5.10

Then what you need to do is update your crypto map access-lists to reference the NATted address, i.e. 192.168.5.10, in addition to what they already reference. Obviously this needs updating at both ends.

HTH

Jon
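
The reply's last step (the crypto map access-list must also reference the translated address) can be checked against a saved config before the change is applied. The script below is an added example, not part of the original post: it parses `access-list`, `nat ... access-list`, `global` and `crypto map ... match address` lines and reports policy NAT flows whose translated source no crypto ACL entry permits. The addresses 10.1.1.0/24, 10.2.2.0/24 and 10.2.2.50, port 443, and the names `vpn_acl` and `outside_map` are constructed; deny entries are ignored and `global` is assumed to carry a literal IP.

```python
import ipaddress

# Constructed sample: the reply's lines with placeholders filled in, plus a hypothetical crypto ACL.
SAMPLE_CONFIG = """\
access-list pnat permit tcp any host 10.2.2.50 eq 443
nat (inside) 2 access-list pnat
global (outside) 2 192.168.5.10
access-list vpn_acl permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
crypto map outside_map 10 match address vpn_acl
"""
FIXED_CONFIG = SAMPLE_CONFIG + "access-list vpn_acl permit tcp host 192.168.5.10 host 10.2.2.50 eq 443\n"

def _addr(tok):
    """Consume one address spec (any | host A | NET MASK); return (network, rest)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def parse(config):
    acls, nat, glob, crypto = {}, {}, {}, []
    for t in (line.split() for line in config.splitlines() if line.strip()):
        if t[0] == "access-list" and "permit" in t:   # deny entries are ignored
            i = t.index("permit")
            src, rest = _addr(t[i + 2:])
            dst, rest = _addr(rest)
            port = rest[1] if rest[:1] == ["eq"] else None
            acls.setdefault(t[1], []).append((t[i + 1], src, dst, port))
        elif t[0] == "nat" and t[3:4] == ["access-list"]:
            nat[t[2]] = t[4]                           # NAT id -> policy ACL name
        elif t[0] == "global":
            glob[t[2]] = ipaddress.ip_address(t[3])    # NAT id -> translated IP (literal assumed)
        elif t[:2] == ["crypto", "map"] and t[4:6] == ["match", "address"]:
            crypto.append(t[6])
    return acls, nat, glob, crypto

def uncovered_policy_nat(config):
    """List (nat_id, translated_ip, dst, port) flows that no crypto ACL entry permits."""
    acls, nat, glob, crypto = parse(config)
    crypto_aces = [ace for name in crypto for ace in acls.get(name, [])]
    missing = []
    for nat_id, acl_name in ((n, a) for n, a in nat.items() if n in glob):
        xlate = glob[nat_id]
        for proto, _src, dst, port in acls.get(acl_name, []):
            if not any(cp in ("ip", proto) and xlate in cs and dst.subnet_of(cd)
                       and cport in (None, port) for cp, cs, cd, cport in crypto_aces):
                missing.append((nat_id, str(xlate), str(dst), port))
    return missing
```

Run it against the config from each end of the tunnel; an empty list means every translated flow is matched by a crypto ACL entry on that device.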
