Cannot NAT from inside to outside over a tunnel

omcohdx · ‎03-27-2023

Hello,

I have a site to site vpn that works just fine, however when I tried to NAT traffic from my INTERNAL network with a pool NATPOOL over that vpn tunnel, the traffic simply doesn't work, what I tried is to implement the following nat rule but still the NAT is not happening

nat (outside,inside) source dynamic INTERNAL interface destination static VPN NATPOOL

My ultimate goal is to NAT traffic from my INTERNAL network to a pool NATPOO, over a tunnel that resides on VPN, here's the following objext that I have in my ASA

object network INTERNAL -----> this is my inside network

subnet 10.0.0.0 255.0.0.0

object network NATPOOL ----> this is pool to NAT internal network

subnet 172.20.0.0 255.255.252.0

object network VPN

subnet 10.100.0.0 255.255.252.0 ---> this is the pool of the vpn tunnel

Rob Ingram · ‎03-27-2023

@omcohdx try this

Nat (inside,outside) source static INTERNAL NATPOOL destination static VPN VPN

The crypto ACL to define interesting VPN traffic will have to match the translated address (NATPOOL), this must be mirrored on both sides of the tunnel.

MHM Cisco World · ‎03-27-2023

The NAT with VPN policy based not work for asa

Try use vti and nat traffic to vti.