About this NAT Use Case
Use this Twice NAT use case to enable site to site VPN.
You are translating a pool of IP addresses to itself so that the IP addresses in one location on the network arrives unchanged in another.
Create a network object with the named Site-to-Site-PC-Pool. The value of the object should be a range of addresses that you want to be able to reach a particular resource elsewhere on the network.
Create a Twice NAT Rule
- On the Devices & Services page, select the ASA you want to create the NAT rule for.
- Click View NAT Rules in the Policy section of the Actions pane.
- Click Create NAT Rule > Twice NAT
- In section 1, select Static. Click Continue.
- In section 2, choose inside for the source interface and outside for the destination interface. Click Continue.
- In section 3, make these changes:
- Expand the Original Address menu, click Choose, and select the Site-to-Site-PC-Pool object you created in the prerequisites section.
- Expand the Translated Address menu, click Choose, and select the Site-to-Site-PC-Pool object you created in the prerequisites section.
- Click Save.
- Use the ASA to create a crypto map. See CLI Book 3: Cisco ASA Series VPN CLI Configuration Guide and review the chapter on LAN-to-LAN IPsec VPNs for more information on creating a crypto map.
- Return to the Devices & Services page, select the ASA on which you made this change, and Write changes... to the ASA.
Entries in the ASA's Saved Configuration File
Objects created by this procedure
object network Site-to-Site-PC-Pool
range 10.10.2.0 10.10.2.255
NAT rule created by this procedure
nat (inside,outside) source static Site-to-Site-PC-Pool Site-to-Site-PC-Pool