Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Using VPN Gateway IP as encryption domain IP

Dear All,


Please kindly help me with the scenario below.


We are trying to establish the site to site VPN with a partner who only accepts public IPs as encryption domain. Unfortunately, we have only one public IP address for internet access which means we are doing NAT overload.

My question is how can we configure the same IP assigned to our VPN gateway as encryption domain and map to the original private IPs.  





Everyone's tags (2)

Re: Using VPN Gateway IP as encryption domain IP

Hello @oladapo20,

The trick here is the NAT, you can configure the Site to Site using the external IP and also including the same IP as source on your encryption domain ACL. Here is an example:

nat (inside,outside) source dynamic interface destination static 10.x.x.70 10.x.x.70 no-proxy-arp route-lookup

access-list l2lvpn extended permit ip host 10.x.x.70

crypto map test_map 1 match address l2lvpn
crypto map test_map 1 set peer
crypto map test_map 1 set transform-set ESP-3DES-SHA

tunnel-group type ipsec-l2l
tunnel-group ipsec-attributes
ikev1 pre-shared-key *

As you can see you are doing the NAT for your internal network to the interface going to 10.x.x.70, this traffic should be going through the VPN tunnel. If you already have the NAT for Interneta where you are NATting everything this should work also, the ASA will know how to send the traffic back to the internal resource.

The only downside is the remote end cannot initiate traffic since the ASA will not know where to send the traffic. If you can provide more info I can provide the exact commands for you.

Community Member

Re: Using VPN Gateway IP as encryption domain IP

Hello, Gio


Thank you for the quick response and information. Unfortunately, Our router is not ASA so it is not possible to configure nat (inside, outside). However, we will try to translate your suggestion on the router.




CreatePlease to create content