2 Replies Latest reply: Mar 28, 2012 3:50 AM by Jeron RSS

    Cisco ASA Site to Site IPSEC VPN and NAT question


      Hi Folks,




      I have a question regarding both Site to Site IPSEC VPN and NAT. Basically what I want to achieve is to do the following:




      ASA2 is at HQ and ASA1 is a remote site. I have no problem setting up a static static Site to Site IPSEC VPN between sites. Hosts residing at are able to communicate with hosts at, but what i want is to setup NAT with IPSEC VPN so that host at will communicate with hosts at with translated addresses




      Just an example:


      Host N2 ( will communicate with host N1 with destination lets say not (Notice the last octet should be the same in this case .5)

      The same translation for the rest of the communication (Host N2 pings host N3 destination ip not again last octet is the same)

      It sounds a bit confusing for me but i have seen this type of setup before when I worked for managed service provider where we had connection to our clients (Site to Site Ipsec VPN with NAT, not sure how it was setup)

      Basically we were communicating with client hosts over site to site VPN but their real addresses were hidden and we were using translated address as mentioned above instead of (real), last octet should be the same.


      Appreciate if someone can shed some light on it.