With Policy NAT, the source address of interesting traffic can be changed to something else, especially in the case where there are networks that overlap.
In order to configure Policy NAT for VPN traffic, for example, to change the source address, refer to this configuration example. In this example, the internel network is 10.10.1.0/24.
access-list POLICYNAT extended permit ip 10.10.1.0 255.255.255.0 host 172.16.1.1access-list POLICYNAT extended permit ip 10.10.1.0 255.255.255.0 220.127.116.11 255.255.255.0
static (inside,outside) 172.16.5.0 access-list POLICYNAT
access-list VPN extended permit ip 172.16.5.0 255.255.255.0 host 172.16.1.1access-list VPN extended permit ip 172.16.5.0 255.255.255.0 18.104.22.168 255.255.255.0
crypto map VPN 10 match address VPN
what about if same NAT ip is needed to be used for another client B?
then i get error
lets say after above config if i do same for another client B
static (inside,outside) 172.16.5.0 access-list CLIENTB-POLICYNAT
it gives me error, that 172.16.5.0 already in use, how can i fix this? i am moving from CISCP VPN concentrator to ASA, where as in Concentrator this situation works.