Cisco ASA PIX Multiple NAT Statements
Posted on 2014-12-10
I have a host on which I have IIS running and it therefore needs to be publicly accessible on TCP80/443.
I now also need this host to be accessible over an IPSec VPN tunnel, also on TCP80/443.
The remote end requires me to source NAT my host and I therefore need the following.
1. Host A NATs to public IP x.x.x.x under normal circumstances.
2. Host A NATs to private IP y.y.y.y only when passing traffic over the IPSec tunnel.
How do I configure this ?
I originally had a static NAT statement mapping host A to y.y.y.y. If I try to add a second NAT statement using an ACL which specifies host A and the remote subnets I get an overlap error.
If I remove both statements and enter the NAT statement with the ACL first followed by the statement mapping host A to y.y.y.y I get the same error.
How can I configure it to NAT to different IP addresses based on different destinations ?