I am using a Cisco ASA 5520 with three site-to-site VPN using ACL nonat and nat (inside) 0 access-list nonat. see below
access-list nonat extended permit ip 10.0.0.0 255.0.0.0 172.16.249.0 255.255.255.0
nat (inside) 0 access-list nonat
I now have to create a new VPN but this time, the other party wants us to use static entries and to NAT our internal IP addresses to a range that they gave us. I was thinking of adding the following to my existing configuration:
access-list policy_nat permit ip 10.75.225.0 255.255.255.0 10.1.16.0 255.255.255.0
access-list vpn_static permit 10.75.225.0 255.255.255.0 10.1.16.0 255.255.255.0
static (inside,outside) 10.74.110.0 access-list policy_nat
Would this work?