03-27-2023 01:02 PM
Hello,
I have a site-to-site VPN that works just fine. However, when I tried to NAT traffic from my INTERNAL network with a pool NATPOOL over that VPN tunnel, the traffic simply doesn't work. What I tried is to implement the following NAT rule, but the NAT is still not happening:
nat (outside,inside) source dynamic INTERNAL interface destination static VPN NATPOOL
My ultimate goal is to NAT traffic from my INTERNAL network to a pool NATPOOL, over a tunnel that resides on VPN. Here are the objects that I have in my ASA:
! this is my inside network
object network INTERNAL
 subnet 10.0.0.0 255.0.0.0
! this is the pool to NAT the internal network
object network NATPOOL
 subnet 172.20.0.0 255.255.252.0
! this is the pool of the VPN tunnel
object network VPN
 subnet 10.100.0.0 255.255.252.0
03-27-2023 01:27 PM
@omcohdx try this
nat (inside,outside) source static INTERNAL NATPOOL destination static VPN VPN
The crypto ACL to define interesting VPN traffic will have to match the translated address (NATPOOL); this must be mirrored on both sides of the tunnel.
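The crypto ACL requirement from the reply above, written out as an added example that is not part of the original posts. The ACL name VPN-CRYPTO-ACL, the crypto map name OUTSIDE-MAP with sequence 10, and the test host addresses are assumptions; the objects are the ones defined in the question, and the remote peer is assumed to be an ASA with the same objects defined.

```cisco
! Added example: the names VPN-CRYPTO-ACL and OUTSIDE-MAP are hypothetical.
!
! --- Local ASA ---
! Twice NAT from the reply: INTERNAL is translated to NATPOOL only when
! the destination is VPN; the destination itself is left untranslated.
nat (inside,outside) source static INTERNAL NATPOOL destination static VPN VPN
!
! NAT is applied before the crypto ACL is evaluated, so the ACL has to
! match the translated source (NATPOOL), not the real one (INTERNAL).
access-list VPN-CRYPTO-ACL extended permit ip object NATPOOL object VPN
crypto map OUTSIDE-MAP 10 match address VPN-CRYPTO-ACL
!
! --- Remote peer (assumed to be an ASA with the same objects) ---
! Mirror image of the local ACL: source and destination swapped.
access-list VPN-CRYPTO-ACL extended permit ip object VPN object NATPOOL
crypto map OUTSIDE-MAP 10 match address VPN-CRYPTO-ACL
!
! --- Verification on the local ASA (constructed host addresses) ---
! The NAT phase should show the source rewritten into 172.20.0.0/22 and
! the VPN phase should show encrypt with result ALLOW.
packet-tracer input inside icmp 10.0.0.10 8 0 10.100.0.10 detailed
show nat detail
show crypto ipsec sa
```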
03-27-2023 02:12 PM - edited 03-27-2023 02:23 PM
NAT with policy-based VPN does not work on the ASA.
Try using a VTI and NAT the traffic to the VTI.