06-09-2023 10:57 AM
I could use some help with an unusual request from my client. He has a site-to-site VPN from his primary location (location A) to a remote site (location B). Devices on each side of the tunnel are able to communicate. He has requested help with NAT'ing a public address from his assigned block on location A to a device on the B side.
In short -- Site A - public address 1.2.3.4 NAT to 10.200.5.196, which is on the remote side of the tunnel in site B. He wants to lock it down to a specific external IP, 4.3.2.1, which can connect to this host on 1433. I have done this with other firewalls using a destination NAT. Is this possible with an ASA?
06-09-2023 11:01 AM - edited 06-09-2023 11:02 AM
Sure
nat (in,out) source static local-lan local-lan destination static remote-lan map-remote-lan
This way you can NAT the destination.
Note: the ACL of the S2S VPN must be configured with map-remote-lan, not the real IP.
06-09-2023 12:09 PM
Thank you. I am sort of following. Do I need a rule to allow traffic to that public IP on the A side which would NAT to my server on the other end of the tunnel?
06-09-2023 12:22 PM
Check this link:
Solved: NAT Traversal - Cisco Community