
L2L VPN Tunnel with NAT on one side working only in one direction.


Site A is hosting a host running SMTP services using port 9999. The outside IP address of site-A (ASA5505) is A.A.A.A and port 9999 on outside interface (A.A.A.A) has been statically natted to the private IP of the SMTP host.
Site-B is trying to reach site-A using its public IP (A.A.A.A) on port 9999. Both Phase1 and Phase2 get established but Site-B is not able to reach Site-A (not able to ping, telnet, ssh, smtp). Zero encaps/decaps on site-A. However, site-A reaches site-B using its private IP ( on port 9999 without any issue.

Is there any issue using outside interface of ASA with NATTED port for VPN traffic?

1 Reply

If you are setting up a site-to-site VPN, why are you trying to connect to the public address of the SMTP server?

If you want to connect to the public address then you would not go through a VPN tunnel.

Please share relevant configurations.
