Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
670
Views
0
Helpful
1
Replies

Cisco ASA 5506-X use ip-address of outside interface as nat address in site 2 site tunnel

dsgust
Level 1
Level 1

‎12-12-2018 07:23 AM - edited ‎02-21-2020 08:34 AM

Does anybody know if its possible to use the public outside ip-address as translated nat address on an site 2 site tunnel?

 

Translate all local ip-addresses to public ip, then tunnel the traffic via site2site tunnel to remote site.

 

Or do one have to use another ip-address for this?

 

 

0 Helpful
1 Reply 1

Sheraz.Salim
VIP
VIP

‎12-12-2018 07:45 AM

hi yes you can do this.

 

assume you public ip address is 1.2.3.4 and you wanted to nat into your inside network. so for your internal user this address show as your internal ip address (let say your internal ip address subnet is 192.168.0/24)

 

object network Public-IN

  host 1.2.3.4

  nat (outside,in) static 192.168.1.20

!

access-list OUT-IN extended permit tcp any host 192.168.1.20 eq 80

access-group OUT-IN in interface outside

!

now added this object in your site-to-site vpn

!

 

please do not forget to rate.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card