Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
212
Views
0
Helpful
1
Replies

Site to Site VPN - NAT

ohareka70
Level 3
Level 3

‎06-18-2015 08:52 AM - edited ‎03-11-2019 11:09 PM

Hello,

 

I need to convert this to the new version of NAT so I can put it into my ASA.  It wont take the three lines below

global (outside) 1 interface

nat (inside) 1 10.10.10.0 255.255.255.0

nat (inside) 0 access−list inside_nat0_outbound

 

So I did this but don't think its correct as the Site to Site VPN is not working

 

object network obj_10.10.10.0
 subnet 10.10.10.0 255.255.255.0
object network obj-access-list

 

object network obj_10.10.10.0
 nat (inside,outside) dynamic interface

Labels:
0 Helpful
1 Reply 1

Kanwaljeet Singh
Cisco Employee
Cisco Employee

‎06-18-2015 12:37 PM

Hi Kevin,

Like below:

global (outside) 1 interface

nat (inside) 1 10.10.10.0 255.255.255.0

nat (inside) 0 access−list inside_nat0_outbound

 
object networ obj-10.10.10.0
subnet 10.10.10.0 255.255.255.0
nat (inside,outside) dynamic interface

 

nat (inside) 0 access−list inside_nat0_outbound

For VPN you need to do nat exempt where you will define local subnet let's say obj1 and remote as obj2

so statement would look like:

nat (inside,outside) source dynamic/static obj1 obj1 destination obj2 obj2.

 

Regards,

Kanwal

Note: Please mark answers if they are helpful.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card