SOURCE NAT FOR SITE TO SITE VPN

htaluja_2
Level 1

We have a VPN between two sites. All traffic (priv. sub - priv. sub) is not NATted. However, I want to be able to source NAT all traffic destined for a specific server and port. Can this be done?

1 Reply

Jon Marshall
Hall of Fame

Hi

Yes, use policy NAT, e.g.

Assuming TCP and that you are translating the source IP addresses to 192.168.5.10:

access-list pnat permit tcp any host "ip address" eq "tcp port"

nat (inside) 2 access-list pnat

global (outside) 2 192.168.5.10

Then what you need to do is update your crypto map access-lists to reference the NATted address, i.e. 192.168.5.10, in addition to what they already reference. Obviously this needs updating at both ends.

HTH

Jon
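
The reply's steps carried through for both peers, as an added example that is not part of the original post. It assumes the pre-8.3 PIX/ASA syntax used in the reply; the subnets, server address, port and the crypto ACL names `vpn-to-b` and `vpn-to-a` are constructed for illustration, and only `pnat` and 192.168.5.10 come from the reply.

```cisco
! --- Site A (translating end) ---
! Constructed values: site A inside 10.1.1.0/24, site B inside 10.2.2.0/24,
! server 10.2.2.50 on TCP 443. 192.168.5.10 is the translated source.

! Policy NAT: match only traffic to the one server and port
access-list pnat extended permit tcp 10.1.1.0 255.255.255.0 host 10.2.2.50 eq 443
nat (inside) 2 access-list pnat
global (outside) 2 192.168.5.10

! Crypto ACL (hypothetical name): keep the existing private-to-private entry
! and add the translated source so the NATted flow is still encrypted
access-list vpn-to-b extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list vpn-to-b extended permit tcp host 192.168.5.10 host 10.2.2.50 eq 443

! Caveat: a nat 0 (NAT exemption) ACL is evaluated before policy NAT, so an
! exemption entry that also matches this flow leaves it untranslated.

! --- Site B (server end) ---
! Crypto ACL (hypothetical name): mirror image of site A's entries
access-list vpn-to-a extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list vpn-to-a extended permit tcp host 10.2.2.50 eq 443 host 192.168.5.10
```

After a test connection from site A, `show xlate` should list a translation to 192.168.5.10 and `show crypto ipsec sa` should show packet counters rising on the SA for that address.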
