
Static NAT over Site to Site VPN on ASA Firewall

Essa_Rahemi
Level 1

Dear Team,

There is a requirement to have static NAT between two sites.

In both sites there will be multiple hosts, and a static NAT uses only one single IP, so,

e.g. LAN1 IPs 192.168.1.1, 192.168.1.2, 192.168.1.3 will be statically NATed to IP 10.10.10.10, so LAN2 will try to access all 3 LAN IPs mentioned above through the single NATed IP, which is 10.10.10.10, because LAN2 knows only IP 10.10.10.10.

How is it possible to access any of the IPs in LAN1 from LAN2 without port forwarding? How much is route map possible?

2 Replies

@Essa_Rahemi try the following, which will translate your local network to 10.10.10.10:

object network LOCAL
subnet 192.168.1.0 255.255.255.0
object network LOCAL-XLATE
subnet 10.10.10.10 255.255.255.0
!
nat (INSIDE,OUTSIDE) source static LOCAL LOCAL-XLATE destination static REMOTE REMOTE no-proxy-arp

...your crypto ACL would have to specify 10.10.10.10 as the source.

You are right, but whenever the remote site tries to reach different hosts located in the LOCAL LAN, how will it be able to specify?
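Added example, not from the thread participants or from Cisco: Python that models the two address mappings under discussion, showing that a single mapped address has no unique reverse mapping, while an equal-size network-to-network mapping gives each LAN1 host its own address that LAN2 can target. The mapped network 10.10.10.0/24 and all function names are assumptions; the code models address arithmetic only, not ASA behaviour.

```python
import ipaddress

def map_static(real_ip, real_net, mapped_net):
    """Net-to-net static mapping: keep the host offset, swap the network part."""
    real_net = ipaddress.ip_network(real_net)
    mapped_net = ipaddress.ip_network(mapped_net)
    ip = ipaddress.ip_address(real_ip)
    if ip not in real_net:
        raise ValueError(f"{ip} is not inside {real_net}")
    if real_net.prefixlen != mapped_net.prefixlen:
        raise ValueError("one-to-one mapping needs equal-size networks")
    offset = int(ip) - int(real_net.network_address)
    return str(mapped_net.network_address + offset)

def reverse_candidates(mapped_ip, table):
    """Real hosts that a mapped destination address could refer to."""
    hits = [real for real, mapped in table.items() if mapped == mapped_ip]
    return sorted(hits, key=ipaddress.ip_address)

def build_tables(hosts, real_net, mapped_net, single_ip):
    """Return (many-to-one table, one-to-one table) as real -> mapped dicts."""
    many_to_one = {h: single_ip for h in hosts}
    one_to_one = {h: map_static(h, real_net, mapped_net) for h in hosts}
    return many_to_one, one_to_one

# Host addresses and 10.10.10.10 are the ones quoted in the thread;
# 10.10.10.0/24 as the mapped network is an assumption for illustration.
HOSTS = ["192.168.1.1", "192.168.1.2", "192.168.1.3"]
MANY, ONE = build_tables(HOSTS, "192.168.1.0/24", "10.10.10.0/24", "10.10.10.10")

if __name__ == "__main__":
    # One shared mapped address: the destination alone cannot select a host.
    print("10.10.10.10 ->", reverse_candidates("10.10.10.10", MANY))
    # Equal-size mapping: every mapped address resolves to exactly one host.
    for real, mapped in ONE.items():
        print(f"{mapped} -> {reverse_candidates(mapped, ONE)} (real {real})")
```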
