https://community.cisco.com/t5/network-security/asa-source-nat-for-vpn-local-subnet-should-nat-with-single/m-p/4045926#M1067778 <P>Hi,</P><P>&nbsp;</P><P>&nbsp; &nbsp;If you need bidirectional traffic flow, you need to do static NAT, at subnet level. Assuming the overlapping subnet is 10.10.10.0/24:</P><P>&nbsp;</P><P>- you configure left side to NAT 10.10.10.0/24 into 10.11.11.0/24; configure the required objects and replace interface nameifs, but statement looks like nat(inside,outside) 1 source static 10.10.10.0/24 10.11.11.0/24 destination static 10.12.12.0/24 10.12.12.0/24</P><P>- you configure right side to NAT 10.10.10.0/24 into 10.12.12.0/24;&nbsp;configure the required objects and replace interface nameifs, but statement looks like nat(inside,outside) 1 source static 10.10.10.0/24 10.12.12.0/24 destination static 10.11.11.0/24 10.11.11.0/24</P><P>&nbsp;</P><P>Regards,</P><P>Cristian Matei.</P> Sat, 14 Mar 2020 16:53:20 GMT Cristian Matei 2020-03-14T16:53:20Z https://community.cisco.com/t5/network-security/asa-source-nat-for-vpn-local-subnet-should-nat-with-single/m-p/4038970#M1067215 <P>Hi All,</P><P>I have requirement for the VPN , remote subnet is getting conflict with local VPN subnet so i want to nat the local subnet with 1 public ip address and that public ip address act as a local subnet for my VPN.</P><P>&nbsp;</P><P>Local subnet:-10.10.10.0/24 this should nat with single public ip :-1.1.1.1 ( for example)</P><P>&nbsp;</P><P>Please any experts suggest me , how to achive this..</P> Tue, 03 Mar 2020 02:03:41 GMT https://community.cisco.com/t5/network-security/asa-source-nat-for-vpn-local-subnet-should-nat-with-single/m-p/4038970#M1067215 vasanth.manoharan 2020-03-03T02:03:41Z https://community.cisco.com/t5/network-security/asa-source-nat-for-vpn-local-subnet-should-nat-with-single/m-p/4039528#M1067258 <P>Hi,</P><P>&nbsp;</P><P>&nbsp; &nbsp; What is your ASA software version? Also, if you want the local subnet to be able to communicate with the remote subnet (which are the same in the end), you would need to NAT traffic both ways, statically.</P><P>&nbsp;</P><P>Regards,</P><P>Cristian Matei.</P> Tue, 03 Mar 2020 18:26:42 GMT https://community.cisco.com/t5/network-security/asa-source-nat-for-vpn-local-subnet-should-nat-with-single/m-p/4039528#M1067258 Cristian Matei 2020-03-03T18:26:42Z https://community.cisco.com/t5/network-security/asa-source-nat-for-vpn-local-subnet-should-nat-with-single/m-p/4039658#M1067262 <P>hi</P><P>&nbsp;</P><P>&nbsp;you can do a static NAT like below as suggested by Cristian;</P><P>&nbsp;</P><P>ip nat inside source static 10.10.10.0/24 1.1.1.1</P> Tue, 03 Mar 2020 21:09:04 GMT https://community.cisco.com/t5/network-security/asa-source-nat-for-vpn-local-subnet-should-nat-with-single/m-p/4039658#M1067262 joseph.pj 2020-03-03T21:09:04Z https://community.cisco.com/t5/network-security/asa-source-nat-for-vpn-local-subnet-should-nat-with-single/m-p/4039905#M1067279 <P>Hi ,</P><P>&nbsp;</P><P>version of ASA is Version 9.8(4)8.</P><P>and i expecting configuration like this , the&nbsp;below nat &nbsp;is for no natting :-</P><P>&nbsp;</P><P>local subnet is 10.10.10.0/24 and 10.10.20.0/24&nbsp; should nat with public ip address 1.1.1.1</P><P>&nbsp;</P><P>after this no nat will be like below.</P><P>nat (T1toASR,outside) source static&nbsp;1.1.1.1&nbsp;1.1.1.1 destination static 5.5.5.5/24 5.5.5.5/24</P><P>&nbsp;</P><P>on top of that i want to do the natting for local ip address:- (i.e) 10.10.10.0/24 and 10.10.20.0/24&nbsp; to one public ip that is 1.1.1.1 my question is how to do the source NAT i confused lot myself.</P> Wed, 04 Mar 2020 05:23:47 GMT https://community.cisco.com/t5/network-security/asa-source-nat-for-vpn-local-subnet-should-nat-with-single/m-p/4039905#M1067279 vasanth.manoharan 2020-03-04T05:23:47Z https://community.cisco.com/t5/network-security/asa-source-nat-for-vpn-local-subnet-should-nat-with-single/m-p/4040359#M1067338 <P>Hi,</P><P>&nbsp;</P><P>&nbsp; &nbsp;Do you need to achieve IP connectivity between the two overlapping subnets?</P><P>&nbsp;</P><P>Regards,</P><P>Cristian Matei.</P> Wed, 04 Mar 2020 18:09:10 GMT https://community.cisco.com/t5/network-security/asa-source-nat-for-vpn-local-subnet-should-nat-with-single/m-p/4040359#M1067338 Cristian Matei 2020-03-04T18:09:10Z https://community.cisco.com/t5/network-security/asa-source-nat-for-vpn-local-subnet-should-nat-with-single/m-p/4040540#M1067357 <P>Yes, i want to set up a VPN between two overlapping subnet</P> Thu, 05 Mar 2020 01:23:10 GMT https://community.cisco.com/t5/network-security/asa-source-nat-for-vpn-local-subnet-should-nat-with-single/m-p/4040540#M1067357 vasanth.manoharan 2020-03-05T01:23:10Z https://community.cisco.com/t5/network-security/asa-source-nat-for-vpn-local-subnet-should-nat-with-single/m-p/4045926#M1067778 <P>Hi,</P><P>&nbsp;</P><P>&nbsp; &nbsp;If you need bidirectional traffic flow, you need to do static NAT, at subnet level. Assuming the overlapping subnet is 10.10.10.0/24:</P><P>&nbsp;</P><P>- you configure left side to NAT 10.10.10.0/24 into 10.11.11.0/24; configure the required objects and replace interface nameifs, but statement looks like nat(inside,outside) 1 source static 10.10.10.0/24 10.11.11.0/24 destination static 10.12.12.0/24 10.12.12.0/24</P><P>- you configure right side to NAT 10.10.10.0/24 into 10.12.12.0/24;&nbsp;configure the required objects and replace interface nameifs, but statement looks like nat(inside,outside) 1 source static 10.10.10.0/24 10.12.12.0/24 destination static 10.11.11.0/24 10.11.11.0/24</P><P>&nbsp;</P><P>Regards,</P><P>Cristian Matei.</P> Sat, 14 Mar 2020 16:53:20 GMT https://community.cisco.com/t5/network-security/asa-source-nat-for-vpn-local-subnet-should-nat-with-single/m-p/4045926#M1067778 Cristian Matei 2020-03-14T16:53:20Z