VPN Tunnel & Static NAT

One of our clients has a site-to-site VPN tunnel established. The Peer Partner is requesting the ability to use a public IP statically NAT'd to our server in order to reach our local server, since multiple remote sites from the peer have the same local IP scheme.

We have a Cisco ASA 5505.

The tunnel is established, and I have a static NAT established but I'm unable to get the traffic to use the static NAT instead of the internal address.  

Any ideas?
You need to set up policy NAT, which will do NAT for a specific destination.

access-list VPN_NAT extended permit ip host <INSIDE IP> <REMOTE NETWORK> <REMOTE NETWORK MASK>
static (Inside,Outside) <Public IP> access-list VPN_NAT

You will also need to modify the VPN configuration and change the <INSIDE IP> to <Public IP>. The remote peer will need to do the same or the encryption domains will not match and the VPN will not come up.
You can NAT and then encrypt traffic over the VPN; NAT takes place before crypto operations.

This would require changing the VPN, though, so that the VPN matches the public IP to which the server is NAT'd.

Just set up a static NAT and change the access lists for the VPN (each end has to be modified).

Policy NAT will work, but it is not strictly necessary.
Question has a verified solution.
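
Both answers depend on the VPN access list naming the NAT'd public IP rather than the inside address. The following is an added example, not part of the original thread: a small Python check that reads pre-8.3 ASA configuration lines and flags a crypto ACL that still references the pre-NAT source. The addresses, the VPN_CRYPTO ACL name and the OUTSIDE_MAP crypto map name are constructed assumptions.

```python
# Constructed sample config (pre-8.3 ASA syntax; documentation/private addresses).
HOST = "255.255.255.255"
SAMPLE_BAD = """\
access-list VPN_NAT extended permit ip host 10.1.1.10 192.168.50.0 255.255.255.0
static (Inside,Outside) 203.0.113.10 access-list VPN_NAT
access-list VPN_CRYPTO extended permit ip host 10.1.1.10 192.168.50.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address VPN_CRYPTO
"""
SAMPLE_GOOD = SAMPLE_BAD.replace(
    "VPN_CRYPTO extended permit ip host 10.1.1.10",
    "VPN_CRYPTO extended permit ip host 203.0.113.10")

def _take_addr(tokens):
    """Consume 'any', 'host A' or 'NET MASK'; return ((net, mask), rest)."""
    if tokens[0] == "any":
        return ("0.0.0.0", "0.0.0.0"), tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], HOST), tokens[2:]
    return (tokens[0], tokens[1]), tokens[2:]

def parse(config):
    """Collect ACL entries, policy statics and ACLs bound to crypto maps."""
    acls, statics, crypto_acls = {}, [], set()
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["access-list"] and t[2:5] == ["extended", "permit", "ip"]:
            src, rest = _take_addr(t[5:])
            dst, _ = _take_addr(rest)
            acls.setdefault(t[1], []).append((src, dst))
        elif t[:1] == ["static"] and len(t) == 5 and t[3] == "access-list":
            statics.append((t[2], t[4]))  # (mapped IP, NAT ACL name)
        elif t[:2] == ["crypto", "map"] and t[4:6] == ["match", "address"]:
            crypto_acls.add(t[6])
    return acls, statics, crypto_acls

def audit(config):
    """Return findings where the encryption domain does not use the mapped IP."""
    acls, statics, crypto_acls = parse(config)
    entries = [(n, e) for n in sorted(crypto_acls) for e in acls.get(n, [])]
    findings = []
    for mapped, nat_acl in statics:
        for real, remote in acls.get(nat_acl, []):
            for name, entry in entries:
                if entry == (real, remote):  # crypto ACL still names inside IP
                    findings.append(f"{name}: uses pre-NAT source {real[0]}, expected {mapped}")
            if not any(e == ((mapped, HOST), remote) for _, e in entries):
                findings.append(f"no crypto ACL entry for {mapped} -> {remote[0]}")
    return findings
```

This only audits the local side; the peer's access list has to mirror the same public address for the tunnel to come up.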
