Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
667
Views
0
Helpful
1
Replies

Site to Site VPN w/ PAT

Bmodlin
Level 1
Level 1

‎11-28-2017 05:55 PM - edited ‎03-12-2019 04:46 AM

I just finished configuring a Site to Site VPN.  Both Phase I and Phase II are up.  My issue isI need to NAT my internal network (10.1.10.0/23) to a 10.112.9.208/28 across the VPN.  In addition, I need to PAT all traffic using the 1st available IP on the NATTed network (10.112.9.209).

 

I created the following NAT rule and placed it in line 1:

 

nat (inside,outside) source static obj-10.1.10.0_23 obj-10.112.9.208_23 destination static remote-net remote-net  no-proxy-arp

 

I am unable to ping across the VPN.

 

I then add a one to one NAT like this:

 

nat (inside,outside) 2 source static obj-10.1.10.49 obj-10.112.9.210 destination static remote-net remote-net 

 

I CAN ping across the VPN.

 

How can I PAT across the VPN using only 10.112.9.209 for all machines?

 

Labels:
0 Helpful
1 Reply 1

Karsten Iwen
VIP
VIP

‎11-28-2017 11:17 PM

For PAT, you need a dynamic translation:

nat (inside,outside) source dynamic obj-10.1.10.0_23 obj-10.112.9.209 destination static remote-network remote-network
0 Helpful
Customers Also Viewed These Support Documents