07-29-2020 02:09 AM
I am about to configure a site to site VPN, where the destination side would like us to just present one /24 range.
We have mulitple ranges that will nee to connect to it so need to NAT any of our traffic going to the dest server to a /24 range.
Is the config below correct to do this ?
nat (inside,outside) source static Any Our_NAT_Range destination static Remote_Server
object network Our_NAT_Range
subnet 10.50.1.0 255.255.255.0
object network Remote_Server
subnet 10.175.250.81 255.255.255.255
Then change the tunnel src interesting traffic to 10.50.1.0/24
07-29-2020 02:52 AM
You NAT-statement needs two times the Remote-Server object:
nat (inside,outside) source static Any Our_NAT_Range destination static Remote_Server Remote_Server
One is the original, and one the translated object. As you don't want to change the destination-address, both objects are the same.
07-29-2020 06:11 AM
Thanks, I assume its works on a pair relationship, i.e. only local traffic to the destination IP range will be NAT'ed ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide