Cisco Support Community

Site to Site VPN w/Static NAT?

I have a site to site VPN with a UC520 on one end and an ASA 510 on the other end. It's been working fine for quite some time. I need to NAT a server on the UC520 end, but whenever I NAT it the server seems statically bound to the external interface and can no longer communicate with the servers behind the ASA on the other end.

I'm more of an ASA guy and not so sharp with the 871/UC520 configurations, but I've never had to do anything additional to NAT a server to a static external address to keep the VPN communication for the server still intact.

Can someone give me an example of how I'd NAT the server while still maintaining VPN communications through the tunnel?

I'm using ip nat inside source static  , which indeed maps it to the outside and that works, but then can't ping which is the server behind the ASA.



Re: Site to Site VPN w/Static NAT?

Once you introduce static NAT for this traffic flow, you will need to ensure that your crypto and NAT exemption ACLs are updated to reflect the new source and destination.  Without this, the UC will send these packets outside of the tunnel where they will be dropped upstream due to the RFC1918 destination address.  This change will need to be reflected in both the UC and ASA configuration.  Feel free to PM me your configs and I can take a look at what you have so far.
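An added illustration, not part of the thread or of either poster's configuration: a small Python model of the behaviour the reply describes, assuming the router applies inside-to-outside NAT before it matches the crypto ACL. All addresses are constructed from RFC 1918 and documentation ranges, and the function names are hypothetical.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing, not taken from the thread.
SERVER = ip_address("192.168.10.10")         # server behind the UC520
SERVER_PUBLIC = ip_address("203.0.113.10")   # static NAT global address
LOCAL_LAN = ip_network("192.168.10.0/24")
REMOTE_LAN = ip_network("192.168.20.0/24")   # hosts behind the ASA
PEER = ip_address("192.168.20.5")            # server behind the ASA

STATIC = {SERVER: SERVER_PUBLIC}             # the static NAT entry
CRYPTO = [(LOCAL_LAN, REMOTE_LAN)]           # original crypto ACL


def matches(acl, src, dst):
    """True if any (src_net, dst_net) entry covers the packet."""
    return any(src in s and dst in d for s, d in acl)


def egress(src, dst, static_nat, nat_exempt, crypto_acl):
    """Model egress: NAT runs first, then the crypto ACL is matched
    against the (possibly translated) source address."""
    if src in static_nat and not matches(nat_exempt, src, dst):
        src = static_nat[src]
    path = "tunnel" if matches(crypto_acl, src, dst) else "cleartext"
    return src, path


def broken():
    # Static NAT added, nothing else changed: the translated source no
    # longer matches the crypto ACL, so the packet leaves unencrypted.
    return egress(SERVER, PEER, STATIC, [], CRYPTO)


def fixed_with_exemption():
    # NAT exemption covers server -> remote LAN, so the private source
    # survives and still matches the original crypto ACL.
    return egress(SERVER, PEER, STATIC, [(LOCAL_LAN, REMOTE_LAN)], CRYPTO)


def fixed_with_crypto_update():
    # Crypto ACL extended to the translated source instead.
    acl = CRYPTO + [(ip_network("203.0.113.10/32"), REMOTE_LAN)]
    return egress(SERVER, PEER, STATIC, [], acl)


if __name__ == "__main__":
    for case in (broken, fixed_with_exemption, fixed_with_crypto_update):
        print(case.__name__, *case())
```

In the third case the remote end needs the mirror-image entry in its own crypto ACL, which is why the reply says the change has to be made on both devices.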

