Cisco ASA 5510 Dynamic NAT

Good morning everyone,

We currently have a VPN setup with a client. We now need our home users to access their resources as well. Normally I can just add the home users pool ( to each end of the tunnel, however the client already has a VPN with a So, my idea is to have the translated into when it tries to hit the client side (

I'm pretty sure I need to set up a dynamic NAT policy, but I haven't really done this before. Any help would be beneficial! Thanks
rauenpc commented:
I think you would need to reference the outside interface, and the ACL would need to reference the original source and real destination. I might be wrong on the outside interface part. I always thought that for VPN it was considered the security level of inside, but NAT rules had to reference the real interfaces that traffic was traversing.

access-list Exempt permit ip
global (outside) 2 netmask
nat (outside) 2 access-list Exempt

This should translate the source to when destined for You are correct about adding the subnet to the tunnel. You will probably need to add a nonat rule for the return traffic so that --> doesn't get translated again.
What version of ASA do you have? If you have 8.3 or later you can use twice NAT. Example:

Depending on the complexity of your ASA and network, it might be easier to just change the VPN client pool.
prlit (author) commented:
8.2. I could do that for the one client, but our network is pretty complex. I'd have to change about 80+ tunnels to if I change the pool.

Could I do something like..

access-list Exempt permit ip
global (inside) 2 netmask
nat (inside) 2 access-list Exempt

And of course, add the to the tunnels.
prlit (author) commented:
Thanks! I had it right with my commands, but your outside part I didn't have right. Thanks for your help.
Question has a verified solution.
