Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
342
Views
0
Helpful
1
Replies

can I NAT only VPN tunnel traffic

osimonov1
Level 1
Level 1

‎02-21-2014 08:58 AM - edited ‎03-11-2019 08:48 PM

Hello All,

I have a HQ with few hosts (10.1.1.x) which need to communicate to Remote office's hosts via VPN tunnel and servers via normal routing. Due to some limitation, we need HQ hosts to appear as from 20.1.1.x network for the RO which can be done easily by NATting. However, due to the same limitation, once HQ host need to reach a server outside, an original 10.1.1.x address should appear. Can I configure NAT to be used for VPN tunnels only on ASA (5512)?

Thanks

Labels:
0 Helpful
1 Reply 1

Marius Gunnerud
VIP
VIP

‎03-01-2014 03:06 AM

You need to configure policy NAT for the VPN traffic.  The NAT commands vary depending on which version ASA you are running. 

This link provides a good example between pre 8.3 and post 8.3 NAT configurations.

https://supportforums.cisco.com/docs/DOC-9129

Let me know if you require any further clarification.

--
Please remember to rate and select a correct answer

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card