Cisco Support Community

New Member

NAT through site to site VPN on ASA 5510

We just implemented a site to site tunnel with another network and now need to NAT addresses from our LAN through the tunnel. Not sure how to do this correctly, and without breaking anything else.

The internal network is The tunnel allows traffic between and I need to translate to to get to Is there a way to do this on the ASA? Or do I need a router in front of the ASA to NAT addresses? Currently is being NAT'd outbound to a global pool for internet traffic, and that needs to stay in place.


Cisco Employee

Re: NAT through site to site VPN on ASA 5510

Create an ACL:

access-list policy_nat permit ip

Create a static NAT with policy:

static (inside,outside) access-list policy_nat

And your crypto ACL will look like:

access-list cry_acl permit ip

That would not affect any other tunnel or the Internet traffic.

*Please rate if helped.


New Member

Re: NAT through site to site VPN on ASA 5510

Hi Kanishka,

static (inside,outside) access-list policy_nat doesn't take. I get an error at policy_nat.

access-list policy_nat permit ip is okay.

Any suggestions?
