Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
523
Views
0
Helpful
2
Replies

Site to site VPN and NAT

Richard Tapp
Level 1
Level 1

‎07-29-2020 02:09 AM

I am about to configure a site to site VPN, where the destination side would like us to just present one /24 range.

We have mulitple ranges that will nee to connect to it so need to NAT any of our traffic going to the dest server to a /24 range.

Is the config below correct to do this ?

nat (inside,outside) source static Any Our_NAT_Range destination static Remote_Server

 

object network Our_NAT_Range

subnet 10.50.1.0 255.255.255.0

object network Remote_Server

subnet 10.175.250.81 255.255.255.255

 

Then change the tunnel src interesting traffic to 10.50.1.0/24

Labels:
0 Helpful
2 Replies 2

Karsten Iwen
VIP
VIP

‎07-29-2020 02:52 AM

You NAT-statement needs two times the Remote-Server object:

nat (inside,outside) source static Any Our_NAT_Range destination static Remote_Server Remote_Server

One is the original, and one the translated object. As you don't want to change the destination-address, both objects are the same.

0 Helpful

Richard Tapp
Level 1
Level 1
In response to Karsten Iwen

‎07-29-2020 06:11 AM

Thanks, I assume its works on a pair relationship, i.e. only local traffic to the destination IP range will be NAT'ed ?

0 Helpful
Customers Also Viewed These Support Documents