Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

vpn and NAT

Hey All,

Please see the attached config file for more info.

I want to be able to NAT the computer at (fe0 on 851) to a address and allow it to go across the vpn tunnel to the computer at

The crypto map on the 851 allows to and vice versa on the cisco ASA at the other end.

I changed the ip's for posting purposes but the rest of the config is pretty much the same.

I know the config is missing all the NAT entries and thats why I'm posting this. Can someone help me out with the appropriate NAT commands and tell me if this is even possible.

This vpn tunnel is to a 3rd party and whateve addressing we use on our end they cannot initiate the tunnel. I can always initiate the tunnel from my end but never get any response from such tests a ping, trace, https, http, telnet etc.

If we use a private addressing of on OUR side, it mysteriously works. They wanted us to use initiatlly but its not part of our network structure.

We are pretty sure its a routing issue on THEIR end but can't be 100% certain :>).

I'd like to see if I can get this NAT scenario working to solve this issue.

Hopefully I supplied enough info, but send me a message if not.




Re: vpn and NAT


On a PIX or ASA this is relatively simple - on a router I'm not 1005.....but you could try creating a specific pool of addresses that contain only 1 or 2 IP addresses. Then configure an extended acl for the source of and the destination of the remtoe /24 subnet.

Then create a NAT rule using the acl and the pool. Also create a no-nat so that the host can still browse the web. When you write the interesting VPN acl - don't forget to use the NATT'd IP not the real IP.


CreatePlease login to create content