About this NAT Use Case
Use this Twice NAT use case to enable site-to-site VPN.
You are translating a pool of IP addresses to itself so that the IP addresses in one location on the network arrives unchanged in another.
Create a network object with the named Site-to-Site-PC-Pool. The value of the object should be a range of addresses that you want to be able to reach a particular resource elsewhere on the network.
Create a Twice NAT Rule
- On the Devices & Services page, select the device you want to create the NAT rule for.
- Click View NAT Rules in the Policy section of the Actions pane.
- Click Create NAT Rule > Twice NAT
- In section 1, select Static. Click Continue.
- In section 2, choose inside for the source interface and outside for the destination interface. Click Continue.
- In section 3, make these changes:
- Expand the Original Address menu, click Choose, and select the Site-to-Site-PC-Pool object you created in the prerequisites section.
- Expand the Translated Address menu, click Choose, and select the Site-to-Site-PC-Pool object you created in the prerequisites section.
- Click Save.
- Use the ASA to create a crypto map. See CLI Book 3: Cisco ASA Series VPN CLI Configuration Guide and review the chapter on LAN-to-LAN IPsec VPNs for more information on creating a crypto map.
- Return to the Devices & Services page, select the device on which you made this change, and Write changes... to the device.
Entries in the ASA's Saved Configuration File
These are the entries that would appear in an ASA's saved configuration file as a result of these procedures:
Note: This does not apply to FTD devices.
Objects created by this procedure
object network Site-to-Site-PC-Pool
range 10.10.2.0 10.10.2.255
NAT rule created by this procedure
nat (inside,outside) source static Site-to-Site-PC-Pool Site-to-Site-PC-Pool