Showing results for 
Search instead for 
Did you mean: 
Level 1
Level 1


I have a question regarding dynamic policy NAT and IPSEC Site2Site connections.
Kinda hard to explain, but I will do my best.

The current setup is
- two sites, site A (ASA 5520) and site B (ASA5505). Botw with FW 8.2
- Both sites are connected via IPSec S2S tunnel
- At site A I have a customer router connected, with a transfer network of
- Our customer requieres us to SNAT every connection that goes to the customer network
- The SNAT IP has to be from the transfer network

At site A it works quite simple.
I have a dynamic policy NAT defined that every source IP from site A ( )
that has as destination will be translated to

The problem is site B ( ).
In this case I have a dyn. policy NAT at the ASA5505 at site B.
Every source IP from site B ( ) that has as destination will be translated to
This IP is included in the S2S tunnel to site A and should be normaly forwared.
When I try to access the customer network at site A, it works pretty fine. When I try this at site B I don't get any connection.
At site B I don't see any errors. ACLs, NAT, the IPSec tunnel, everything seems to be fine. The source IP gets natted, enters the tunnel and is sent to site A.
At site A I also don't see any errors at all.
All I see is something like this on the ASA site A:
6 Oct 26 2009 12:18:04 302013 14304 8001 Built inbound TCP connection 182622841 for outside: ( to int_trans_network: (

Strange thing is that I don't see any packets leaving the interface on the ASA. Is there any FW bug?!

Any comments and recommendations are welcome!!



Thank you for your posting and interest in the Cisco Support Community.  For best practices on posting documents in this community you can refer to

For technical questions related to a Cisco Product or Technology, we encourage you to post on the Network Professionals Forum (NetPro). For your question on <specify Cisco Product or technology> you can go to <put the link to the specific forum, e.g. if the question is related to VPN ,  put the post in VPN

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: