The Following config will do Policy NAT on a L2L tunnel, but I want to
PAT from one IP. So for Example instead of NATing 172.16.5.0, I want to PAT 172.16.5.10 for all inside clients before crossing tunnel. Can this be done?? How? I tried setting the static to 172.16.5.10 but get errors about overlapping global........
In order to configure Policy NAT for VPN traffic, for example, to change the source address, refer to this configuration example. In this example, the internel network is 10.10.1.0/24.
Create an access-list for Policy NAT with real source and a destination IP address.
access-list POLICYNAT extended permit ip 10.10.1.0 255.255.255.0 host 172.16.1.1 access-list POLICYNAT extended permit ip 10.10.1.0 255.255.255.0 22.214.171.124 255.255.255.0
Create a static command that states that when source is 10.10.1.0 and destination is 172.16.1.1 or 126.96.36.199, change it to 172.16.5.0
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...