02-05-2013 12:36 PM - edited 03-04-2019 06:56 PM
I have an ASA5510, and site-to-site VPN with several remote clients. I have to add another client but their network range overlaps an existing tunnel. Both are using 172.16.0.0/16. I would like to 1-to-1 NAT them as 172.17.0.0/16.
Is it possible to perform the NAT on my device, post-decryption, or is it necessary that I have them perform the NAT at their end?
thanks,
Rick
02-05-2013 12:52 PM
NAT happens on Cisco post-decryption. Here is a link.
HTH.
02-05-2013 12:55 PM
That sounds like a No -- as it seems to lead to having 172.16/16 in SAs on two tunnels, which I'm much more confident in saying won't work.
Policy-based NAT seems to revolve around IP addressing, and is not able to attach a NAT policy to a tunnel group.