Solved: Cannot access static nat addresse over vpn.

ReneRasmussen · ‎09-09-2010

I have an asa5510 where i have

a static nat from one interface to another.

i also have a VPN connection to the asa..

From the other side of the vpn connection, i cannot acces this Static nat.

192.168.170.x is the vpn network.

Is it not possible to access static nats over vpn?

object-group network DM_INLINE_NETWORK_16
network-object 192.168.0.0 255.255.255.0
network-object vxtron 255.255.255.0
network-object dmz_zone 255.255.255.0
network-object 192.168.170.0 255.255.255.0

access-list MPLS_nat0_outbound extended deny ip host 172.26.1.5 any

access-list MPLS_nat0_outbound extended permit ip 172.26.0.0 255.255.252.0 object-group DM_INLINE_NETWORK_16

access-list pnat1 extended permit ip host 172.26.1.5 any

static (MPLS,Inside) 192.168.0.199 access-list pnat1

nat (MPLS) 0 access-list MPLS_nat0_outbound
nat (MPLS) 1 172.26.0.0 255.255.252.0
static (MPLS,Inside) 172.26.1.5 access-list MPLS_nat_static

hdashnau · ‎09-09-2010

Rene, Glad you figured this one out on your own! If you could, please mark the post as resolved so we know it doesnt need further attention

View solution in original post

ReneRasmussen · ‎09-09-2010

Ahh think i found the error.

i need a

static (MPLS,Outside) 172.26.1.5 access-list MPLS_nat_static_1

for each interface i want to access the nat from..

Learning something new each day.:)

hdashnau · ‎09-09-2010

Rene, Glad you figured this one out on your own! If you could, please mark the post as resolved so we know it doesnt need further attention