NAT destination address through a VPN

Andrew Sparkes
Level 1

Support,

I am trying to perform destination NAT through a VPN tunnel.

My scenario:

Traffic coming from 172.29.11.135 needs to connect to address 192.168.1.1.

From the source device, traffic will have a source IP address of 172.29.11.135 and the destination will be 172.30.14.1. Traffic will hit the ASA 5510, and the traffic source will stay as 172.29.11.135, but the destination needs to change to 192.168.1.1.

I have tried the different types of NAT but have been unsuccessful with all. My VPN tunnel will connect if the destination address does not change (NAT Exemption used).

Can you advise if this scenario is even possible on Cisco devices? I have seen discussions that NAT the source address but not the destination address.

Example config:

access-list FROM_INTERNET extended permit esp any any

access-list FROM_INTERNET extended permit ah any any

access-list FROM_INTERNET extended permit gre any any

access-list FROM_INSIDE extended permit ip host 172.29.11.135 host 172.30.14.1

access-list VPN-TUNNEL extended permit ip host 172.29.11.135 host 192.168.1.1

**I have left other config statements off as the NAT config used previously has not worked and the VPN tunnel does build when using NAT exempt.**

**All ACLs have been applied in the inbound direction on the respective interfaces. Two static routes have been applied to the FW, directing inside traffic inbound and all unknown traffic outbound. I have not defined a specific static route for the VPN traffic, allowing the default static to perform that function.**

1 Reply

Andrew Sparkes
Level 1

Support,

I have been able to answer my query by thinking about the problem logically and reading some of the other discussion notes.

The solution to the problem is to amend the static NAT statement to:

Static (outside,inside) inside_address outside_address
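
The reply's template filled in with the addresses from the question, as an added example that is not part of the original post. It assumes the pre-8.3 ASA `static` syntax used in the reply, interfaces named `inside` and `outside`, a host netmask, and that `VPN-TUNNEL` is the ACL matched by the crypto map; the verification commands at the end are standard ASA CLI commands, not taken from the thread.

```text
! Added example, not from the original post.
! Assumptions: pre-8.3 ASA syntax, interfaces named "inside" and "outside",
! VPN-TUNNEL is the crypto map match ACL.
!
! Form: static (real_ifc,mapped_ifc) mapped_ip real_ip
!   real host 192.168.1.1 is reached via the outside interface (over the tunnel)
!   inside hosts address it as the mapped IP 172.30.14.1
static (outside,inside) 172.30.14.1 192.168.1.1 netmask 255.255.255.255
!
! The inbound ACL on the inside interface sees the packet before translation,
! so it matches the mapped destination 172.30.14.1.
access-list FROM_INSIDE extended permit ip host 172.29.11.135 host 172.30.14.1
!
! The crypto ACL is evaluated after translation, so it matches the real
! destination 192.168.1.1. Source 172.29.11.135 is unchanged in both.
access-list VPN-TUNNEL extended permit ip host 172.29.11.135 host 192.168.1.1
!
! Verification (exec mode):
!   show xlate            - confirm the 172.30.14.1 <-> 192.168.1.1 entry exists
!   packet-tracer         - walk a test packet through ACL, NAT and VPN phases
!   show crypto ipsec sa  - confirm encaps counters rise for the 192.168.1.1 SA
show xlate
packet-tracer input inside icmp 172.29.11.135 8 0 172.30.14.1 detailed
show crypto ipsec sa
```

The two ACLs are the ones already posted in the question: they differ only in the destination because one is checked before the destination is rewritten and the other after.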