
Bidirectional NAT site to site vpn


Hi guys,

I have the following scenario: site-to-site VPN with NAT configured on the local Cisco router like below (remote network not managed by me).

Outgoing vpn traffic is overload NAT-ed

ip nat pool NAT_POOL netmask

ip nat inside source list ACL_NAT_OUT pool NAT_POOL overload

ip access-list ext ACL_NAT_OUT

permit ip


Incoming traffic for local host is NAT-ed like

ip nat inside source static route-map RM_NAT_STATIC extendable reversible


ip access-list ext ACL_NAT_STATIC

 permit ip host


route-map RM_NAT_STATIC permit 10
 match ip address ACL_NAT_STATIC


Once I configure the incoming one to one NAT, the outbound traffic from local host to remote host is not working anymore.

Can you please tell me what is wrong?



paul driver
VIP Expert

Not quite sure what you are trying to accomplish here. You mention bi-directional NAT and show a static NAT route-map statement, which is based on source/destination traffic flow, which probably isn't necessary, as by default any static NAT/PAT statements are bi-directional anyway. However, what is incorrect is the inside global addressing allocated for the static NAT -, which isn't in the same subnet as the inside global addressing of the NAT pool. -

So if you are wanting to use then it needs to be reachable externally to your rtr.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
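
The subnet comparison raised in the reply above, as an added example that is not part of the original thread: a small Python lint that reads IOS NAT statements and reports static entries whose inside global address falls outside every `ip nat pool` subnet. All addresses in the sample config are constructed (the thread's own addresses are not shown), and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample config: the addresses are documentation/private ranges
# picked for illustration only; they are not the poster's real addresses.
SAMPLE_CONFIG = """\
ip nat pool NAT_POOL 192.0.2.10 192.0.2.10 netmask 255.255.255.248
ip nat inside source list ACL_NAT_OUT pool NAT_POOL overload
ip nat inside source static 10.1.1.5 198.51.100.20 route-map RM_NAT_STATIC extendable reversible
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
POOL_RE = re.compile(rf"^ip nat pool (\S+) {IPV4} {IPV4} netmask {IPV4}", re.M)
STATIC_RE = re.compile(rf"^ip nat inside source static {IPV4} {IPV4}", re.M)


def pool_networks(config):
    """Map each pool name to the subnet implied by its start address and netmask."""
    nets = {}
    for name, start, _end, mask in POOL_RE.findall(config):
        # strict=False lets a host address plus mask resolve to its network.
        nets[name] = ipaddress.ip_network(f"{start}/{mask}", strict=False)
    return nets


def static_outside_pools(config):
    """Return (inside_local, inside_global) pairs for static NAT entries whose
    inside global address is not contained in any NAT pool subnet."""
    nets = list(pool_networks(config).values())
    findings = []
    for local, inside_global in STATIC_RE.findall(config):
        addr = ipaddress.ip_address(inside_global)
        if not any(addr in net for net in nets):
            findings.append((local, inside_global))
    return findings


if __name__ == "__main__":
    for local, inside_global in static_outside_pools(SAMPLE_CONFIG):
        print(f"static NAT {local} -> {inside_global}: "
              "inside global address is outside every NAT pool subnet")
```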

MHM Cisco World
VIP Mentor

Please draw what you want, if you can?
