Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Bronze

Static Policy NAT for a VPN

I think I have this configured properly, but wanted to verify. I need to have certain hosts NATed through a VPN tunnel (we have overlapping internal space between us). I want to verify what should be the translated interface. I configured it as the "outside" interface which I believe is what I want for VPNs. Is this correct?

Example:

10.1.1.1 -> (Inside) ASA (Outside) -> 1.2.3.4 -> Into Tunnel <- Customer's Side

1 REPLY
Hall of Fame Super Blue

Re: Static Policy NAT for a VPN

Jim

It can be any address you choose as long as that address is routed to you. For a site-to-site VPN you could just use a private address that is not in use by the third party.

But in answer to your specific question, yes the outside interface address is as good as any.

Jon

115
Views
0
Helpful
1
Replies
CreatePlease to create content