
Destination NAT over VPN tunnel

pjustdts
Level 1

I could use some help with an unusual request from my client. He has a site-to-site VPN from his primary location (location A) to a remote site (location B). Devices on each side of the tunnel are able to communicate. He has requested help with NAT'ing a public address from his assigned block on location A to a device on the B side.

In short -- Site A - public address 1.2.3.4 NAT to 10.200.5.196, which is on the remote side of the tunnel in site B. He wants to lock it down to a specific external IP, 4.3.2.1, which can connect to this host on 1433. I have done this with other firewalls using a destination NAT. Is this possible with an ASA?

3 Replies

Sure 

nat (in,out) source static local-lan local-lan destination static remote-lan map-remote-lan

This way you can NAT the destination.

Note: the ACL of the S2S VPN must be configured with map-remote-lan, not the real IP.

Thank you. I am sort of following. Do I need a rule to allow traffic to that public IP on the A side which would NAT to my server on the other end of the tunnel?