Port Address Translation using IP Address of Interface
In our case at least, usually there is NAT0 / NAT Exempt for all L2L VPN traffic.
I guess you will just want to PAT all traffic from one site to the other? So basically only one site would be establishing the connections in this L2L VPN setup? (Since you can't access hosts behind the PAT translations only)
To my understanding if you want to use some PAT address on your firewall as the source address for the L2L VPN traffic, you use the PAT address as your local network in the encryption domain configurations.
For example, we have a setup where we have a /24 public network on our outside interface of ASA.
Our encryption domain ACL therefore has the whole /24 public network range as the source address for the L2L VPN. Some of the translations are simple PAT translations. Some are Policy PAT translations. Some are just static NATs.
Please rate if you found any information helpful.
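
The approach described in the post above, sketched as an ASA configuration. This is an added example, not configuration from the original poster; it assumes ASA 8.3 or later NAT syntax, and all object names, the crypto map name and sequence number, and the addresses (documentation and private ranges) are constructed for illustration.

```cisco
! Constructed addresses: 10.10.10.0/24 is the local LAN, 192.168.50.0/24 the
! remote LAN, 203.0.113.10 a PAT address from the public range on the outside.
object network LOCAL-LAN
 subnet 10.10.10.0 255.255.255.0
object network REMOTE-LAN
 subnet 192.168.50.0 255.255.255.0
object network L2L-PAT
 host 203.0.113.10
!
! Policy PAT: only traffic headed to the remote site is hidden behind L2L-PAT.
nat (inside,outside) source dynamic LOCAL-LAN L2L-PAT destination static REMOTE-LAN REMOTE-LAN
!
! Outbound NAT is applied before the crypto ACL is matched, so the encryption
! domain lists the PAT address as the local network, not 10.10.10.0/24.
access-list L2L-CRYPTO extended permit ip host 203.0.113.10 192.168.50.0 255.255.255.0
crypto map OUTSIDE-MAP 10 match address L2L-CRYPTO
```

To PAT behind the outside interface address instead, the `interface` keyword replaces `L2L-PAT` in the `nat` line and the crypto ACL source becomes the interface IP. The remote peer's encryption domain has to mirror whichever address is used.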
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...