We are sending traffic sourced from the ASA's inside interface over our L2L VPN tunnel. We need to NAT the inside interface's IP address. NAT works when we ping *to* the inside interface over the tunnel; we receive replies and we see hit counts on the NAT statement. When we ping *from* or generate syslog traffic from the inside interface, though, the traffic goes out the proper interface (outside) but the NAT isn't hit! I.e., NAT works when the traffic is going outside->inside but not inside->outside.
Our NAT statement looks like this:
nat (any,any) source static obj-inside obj-inside-NAT destination static obj-vpn obj-vpn
But we see the non-NAT'd traffic going out the outside interface!
9: 08:58:03.305007 802.1Q vlan#2 P0 10.1.1.1.514 > 10.23.45.67.514: udp 111
Running 5505 on 9.1(7)16.
So the question is, why isn't traffic sourced from our inside interface hitting the NAT statement?