New Member

LAN to LAN VPN with NAT --- Resolved!

Hi Everyone,

I am having issues with an L2L VPN that is set up and connected; however, when traffic comes in from the other side of the tunnel, it does not make it to the Inside network host that is being static NATed. The inside host 172.18.30.225 is being NATed to yyy.30.49.14, which is an IP address on the DMZ interface (yyy.30.49.0 255.255.255.240).

Here is the configuration:

object-group network NET-Tunnel
 network-object host xxx.220.129.134

access-list Tunnel-ACL extended permit ip host yyy.30.49.14 object-group NET-Tunnel

crypto map MAP_Tunnel 20 match address Tunnel-ACL

object network Tunnel-iServer-NAT
 host yyy.30.49.14
object network Tunnel-iServer-Host
 host 172.18.30.225

object network Tunnel-iServer-Host
 nat (Internal,DMZ) static Tunnel-iServer-NAT

I hope this is sufficient enough for someone to help me.

Thanks,

M

Version 8.3.1 ASA

Message was edited by: Network Operations

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: LAN to LAN VPN with NAT

Does the Internal host live on the DMZ network or the Internal network? If it actually lives on the Internal network, then you cannot NAT it to the DMZ interface and have it going out the outside interface, assuming the outside interface is the VPN termination interface. If you are terminating the VPN on the DMZ interface and the internal host lives on the Internal network, then that is fine.

3 REPLIES
New Member

Re: LAN to LAN VPN with NAT

Hi, thanks for your reply.

The Internal host lives in the Internal and the tunnel terminates on the Outside interface. What should I do to make this work?

Thanks,

M

New Member

Re: LAN to LAN VPN with NAT

This thread can be closed. I moved the NAT from out of the DMZ to an IP that was bound to the inside.

It now works.

Mods, please close this thread.

Thanks.
