Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
943
Views
0
Helpful
2
Replies

ASA Ipsec - 2 static entry for the same source ip address

cisconell
Level 1
Level 1

‎05-28-2012 12:55 PM - edited ‎02-21-2020 06:05 PM

Hi Experts,


I have the same scenario as explained in this thread  https://supportforums.cisco.com/thread/2140198

As the solution provided


Configure the ASA1 with Static Policy NAT
access-list L2LVPN-POLICYNAT permit ip host 192.168.1.2 host 10.1.0.2 

static (inside,outside) 10.23.1.2 access-list L2LVPN-POLICYNAT


Now suppose I have a 3rd site  for which same source 192.168.1.2 which is in used for ipsec  want to talk to 10.3.0.2


For which I use the static nat


static (inside,outside) 10.23.1.2 192.168.1.2 netmask 255.255.255.5  (no vpn required for 3rd site )

So my question can both this statments can be configured in same ASA  and will that work simultaniously


1.static (inside,outside) 10.23.1.2 access-list L2LVPN-POLICYNAT

2.static (inside,outside) 10.23.1.2 192.168.1.2 netmask 255.255.255.255

To my knowledge it should work . The first statement will come to effect when its going to the destination 10.1.0.2 only

For rest all traffic from source 192.168.1.2 it wil take the 2nd translation


Please confirm


Thanks

Labels:
0 Helpful
2 Replies 2

rizwanr74
Level 7
Level 7

‎05-28-2012 01:04 PM

Hi Nell,

Yes, it should work.

Let me know, how it coming along.

thanks

0 Helpful

cisconell
Level 1
Level 1
In response to rizwanr74

‎05-29-2012 10:33 AM

Thanks Rizwan . I will try and let you know .

0 Helpful
Customers Also Viewed These Support Documents