
static nat vs nat0 - site to site vpn

Shibu1978
Level 1

Dear all,

I lost site-to-site VPN connectivity to one of the remote office servers from my office network after configuring a static NAT for public access to this server.

It seems static NAT is preferred over NAT0 (VPN), hence I cannot access the server over VPN. If I remove the static NAT, then I can reach the server through the VPN.

Here is the config I have on the remote ASA.


Nat 0
-----

nat (INSIDE,OUTSIDE) source static LOCATION-A LOCATION-A destination static LOCATION-B LOCATION-B no-proxy-arp route-lookup


object-group network LOCATION-A
network-object 10.11.40.0 255.255.255.0
network-object 10.40.1.0 255.255.255.0
network-object 10.11.41.0 255.255.255.0
network-object 10.11.42.0 255.255.255.0
network-object 10.40.5.0 255.255.255.0
network-object 10.11.43.0 255.255.255.0

object-group network LOCATION-B
network-object 10.10.6.0 255.255.255.0
network-object 10.10.9.0 255.255.255.0
network-object host 10.10.2.200


route MANGMNT 10.11.43.0 255.255.255.0 10.11.40.254 1


Static nat
---------

object network TEST-SERVER
host 10.11.43.1
nat (MANGMNT,OUTSIDE) static 18.*.*.*

Version
=======
Cisco Adaptive Security Appliance Software Version 9.2(3)4
Device Manager Version 7.4(3)


Will the NAT rule below give preference to NAT0 over static NAT (put NAT0 on top of static NAT)? Please guide me. Thanks for your response.

nat (INSIDE,OUTSIDE) 1 source static LOCATION-A LOCATION-A destination static LOCATION-B LOCATION-B no-proxy-arp route-lookup

Thanks

1 Reply

rvarelac
Level 7

Hi Shibu, 

You are correct: if you implement your NAT0 at the top, it should take precedence over your static NAT.

Just make sure to clear the NAT table ("clear xlate") prior to testing.

Hope it helps

-Randy-
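
Added example, not part of the original thread and not output from an ASA: a simplified Python model of how ASA 8.3+ orders NAT rules (section 1 manual NAT in line order, then section 2 object NAT), applied to the rules posted above. It shows that a rule is only considered for flows on its own interface pair. The peer host 10.10.6.10, the assumption that the server's traffic enters on MANGMNT (taken from the route and object NAT lines), and the NAT0_MGMT rule are hypothetical.

```python
# Simplified model of ASA 8.3+ NAT rule selection (added example, not device output).
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Object-groups copied from the post.
LOCATION_A = ["10.11.40.0/24", "10.40.1.0/24", "10.11.41.0/24",
              "10.11.42.0/24", "10.40.5.0/24", "10.11.43.0/24"]
LOCATION_B = ["10.10.6.0/24", "10.10.9.0/24", "10.10.2.200/32"]

@dataclass
class Rule:
    name: str
    section: int      # 1 = manual (twice) NAT, 2 = object (auto) NAT
    line: int         # position inside the section
    real_if: str
    mapped_if: str
    src: list
    dst: list         # empty list = any destination
    mapped_src: str   # "identity" keeps the real address

def in_nets(ip, nets):
    return any(ip_address(ip) in ip_network(n) for n in nets)

def select_rule(rules, in_if, out_if, src, dst):
    """First match wins: section 1 in line order, then section 2."""
    for r in sorted(rules, key=lambda r: (r.section, r.line)):
        if (r.real_if, r.mapped_if) != (in_if, out_if):
            continue  # a rule only applies to its own interface pair
        if in_nets(src, r.src) and (not r.dst or in_nets(dst, r.dst)):
            return r
    return None

def translated_source(rules, in_if, out_if, src, dst):
    r = select_rule(rules, in_if, out_if, src, dst)
    return src if r is None or r.mapped_src == "identity" else r.mapped_src

# Rules from the post; 18.*.*.* is the redacted address exactly as posted.
NAT0 = Rule("nat0", 1, 1, "INSIDE", "OUTSIDE", LOCATION_A, LOCATION_B, "identity")
STATIC = Rule("TEST-SERVER", 2, 1, "MANGMNT", "OUTSIDE", ["10.11.43.1/32"], [], "18.*.*.*")
RULES = [STATIC, NAT0]
# Hypothetical extra identity rule bound to the server's own interface pair.
NAT0_MGMT = Rule("nat0-mgmt", 1, 2, "MANGMNT", "OUTSIDE", LOCATION_A, LOCATION_B, "identity")
PEER = "10.10.6.10"   # constructed host inside LOCATION-B

if __name__ == "__main__":
    for label, rules in (("as posted", RULES), ("with nat0-mgmt", RULES + [NAT0_MGMT])):
        print(label, translated_source(rules, "MANGMNT", "OUTSIDE", "10.11.43.1", PEER))
```

On the device itself, `packet-tracer` reports which NAT rule a given flow actually hits.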
