
NAT statement syntax 1-1 nat

Steve Coady
Level 1

Hello

I am looking for correct syntax to add a 1-to-1 NAT rule on my firewall VPN policy for a test ping connection to a server IP address in the remote data center network.

My local ip is loopback1 192.168.255.1

The remote server ip is 192.168.1.100

Which IP is added to the VPN policy?

sMc
1 Accepted Solution

Steve,

For version 8.2(3), a static NAT (1 to 1) would be the following.

static (inside,outside) 209.165.xxx.xxx 192.168.1.100 netmask 255.255.255.255

8 Replies

Steve Coady
Level 1

Can anyone provide some specific guidance on syntax and/or ASDM gui for this request?

sMc

Hi,

I don't think I know how the setup actually is.

Since you now mentioned ASDM, I assume that you are using an ASA/PIX firewall. Though in the original post you mentioned loopback1, which is not something an ASA/PIX would have.

Also, generally traffic incoming from a VPN connection is allowed access to the actual internal IP address, and there usually is no need for Static NAT.

Also if you are actually looking to configure Static NAT then the firewall software level might play a part in what the NAT configuration format is. There was a major change in the configuration format between 8.2 and 8.3 software versions.

- Jouni

JouniForss

Thank you for the reply

This is an ASA5520.

My goal is to create a rule in my VPN tunnel to my data center to test a fail over option

This loopback ip will be statically natted to a server ip address that I currently have at a remote data center.

When I ping the ip, the tunnel should come up.

My loopback ip is 192.168.255.1
The Server ip is 192.168.1.100

These servers are used for SAP applications
    I have specific ranges of ports on my router QoS to assure bandwidth for those apps
    Will I need to specify those same port ranges in the VPN tunnel policy?

sMc

Can anyone verify this syntax?

Does this syntax look correct to accomplish the 1-1 nat on the ASA required to make this work?

object network My_VPNTest

host 192.168.255.1    (loopback1)

nat (inside,outside) static 192.168.1.100

sMc

Rashid Thompson
Level 1

What iOS version?

Rashid

Thank you for the reply

Cisco Adaptive Security Appliance Software Version 8.2(3)

Device Manager Version 6.3(3)

sMc

Steve,

For version 8.2(3), a static NAT (1 to 1) would be the following.

static (inside,outside) 209.165.xxx.xxx 192.168.1.100 netmask 255.255.255.255

Rashid

Thank you for your guidance.

sMc
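
The thread shows both NAT formats: the `static` statement for 8.2(3) and the `object network` form that belongs to the 8.3-and-later format Jouni mentions. As an added example (not part of any post in this thread), this Python sketch rewrites a plain one-to-one host `static` line into the equivalent network object NAT, which makes the swapped order of real and mapped addresses visible. The function name, the sample line and the mapped address 203.0.113.10 are assumptions constructed for illustration.

```python
import ipaddress
import re

# ASA 8.2 and earlier:
#   static (real_ifc,mapped_ifc) mapped_ip real_ip netmask mask
STATIC_82 = re.compile(
    r"^static \((?P<real_ifc>[^,\s]+),(?P<mapped_ifc>[^)\s]+)\) "
    r"(?P<mapped>\S+) (?P<real>\S+) netmask (?P<mask>\S+)$"
)


def static_82_to_object_nat(line, object_name):
    """Rewrite a one-to-one host `static` line (8.2 format) as 8.3+ object NAT."""
    m = STATIC_82.match(" ".join(line.split()))
    if m is None:
        # Port redirection and other variants do not fit this simple pattern.
        raise ValueError("not a plain 8.2 one-to-one static statement")
    if m["mask"] != "255.255.255.255":
        raise ValueError("only host (/32) translations are handled here")
    # Both addresses must be literal IPv4 hosts. This rejects the 'interface'
    # keyword, policy NAT forms and elided addresses such as 209.165.xxx.xxx
    # (IPv4Address raises a ValueError subclass on bad input).
    mapped = ipaddress.IPv4Address(m["mapped"])
    real = ipaddress.IPv4Address(m["real"])
    # Order swap: 8.2 lists the mapped address first; in 8.3+ the real address
    # is the object's host and the mapped address follows 'static'.
    return [
        f"object network {object_name}",
        f" host {real}",
        f" nat ({m['real_ifc']},{m['mapped_ifc']}) static {mapped}",
    ]


# Constructed input: the accepted answer's statement with its elided mapped
# address replaced by a documentation address (203.0.113.10).
SAMPLE = "static (inside,outside) 203.0.113.10 192.168.1.100 netmask 255.255.255.255"

if __name__ == "__main__":
    print("\n".join(static_82_to_object_nat(SAMPLE, "My_VPNTest")))
```
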