01-19-2021 07:10 AM
Hello All,
I have configure IPsec VTI tunnel on ASA. i am try to configure NAT rule but interface not showing while adding nat statemen.
01-19-2021 07:13 AM
What NAT rule you need?
01-19-2021 07:33 AM
i need NAT rule from INSIDE to VIT_Tunnel.
01-19-2021 07:35 AM
Ok but why ?
Can You provide full rule ?
It is must be twice nat?
01-19-2021 07:31 AM
You shouldn't need to...
"VTI eliminates the need to use crypto access lists and Network Address Translation (NAT) exemption rules."
If you are having an issue, please run packet-tracer from the CLI and "show nat detail", provide the output from both.
01-19-2021 07:36 AM
i need NAT rule to do destination NAT & source PAT.
01-19-2021 07:46 AM
You want to NAT traffic over the route based VPN? Normally when using a route based VPN you just route traffic over the tunnel without NAT, which is probably why the VTI interface does not show when attempting to create NAT rule. You could try "any" when specifying the interface name in a NAT rule.
01-19-2021 08:58 AM
If I right it is bug
05-30-2022 10:11 AM
Non applicable in all cases thuogh, but the "any" keyword may save your life.
Nat rule that should be entered this way:
nat (VTI,outside) source dynamic RFC1918-1 SRCNAT destination static DSTNETWORK DSTNETWORK
but it's not applicable since VTI interface isn't available, entered this way did the trick to me:
nat (any,outside) source dynamic RFC1918 SRCNAT destination static DSTNETWORK DSTNETWORK
02-01-2023 09:02 AM
Thanks, this workaround works for me.
11-09-2023 12:15 PM - edited 11-09-2023 12:16 PM
this workaround actually does the job when using VTI: nat(any,interface)...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide