Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Site to Site VPN: Static and Dynamic NAT

Overview of data flow. The other company is requiring us to nat to the 192.168.x.x addresses

- Outbound ftp traffic from any host to X needs to be natted to a single ip address

- SMTP traffic needs to flow both ways to a natted ip address (problem here is that our server will send email on 1 ip address and receive on another)

- Inbound ftp needs to go to a single natted ip address

Our ip's are 10.10.x.x and we will be natting to a 192.168.221.x address.

Two Static Nat's for inbound ftp and smtp traffic

Static (inside,outside) 10.10.x.y [This is for the inbound ftp]

Static (inside,outside) 10.10.x.x [ Inbound SMTP Traffic]

Dynamic Nat for Outbound FTP/SMTP

Access-list mynat permit ip host x.y.z.1 (traffic to ftp)

access-list mynat permit ip host x.y.z.2 (traffic to their smtp server)

Nat(inside) 4 access-list mynat

Global(outside) 4

Crypto Access-list

Access-list vpnacl permit ip x.y.z.0

Crypto map mymap 10 match address vpnacl


Community Member

Re: Site to Site VPN: Static and Dynamic NAT

I forgot to ask if anyone could let me know if this would work and if it is the best way to do it.


CreatePlease to create content