You can use static pat address's for ports which will not be required by your VPN protocol. This is done most often using the interface keyword in your static statements.
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Tyson Scott Sent: Wednesday, November 10, 2010 5:12 PM To: 'Paul Tribe'; [email protected] Subject: Re: [OSL | CCIE_Security] Cisco ASA - VPN and NAT There is no reason this wouldn't work. VPN has nothing to do with other protocols. So the best thing to do is test what you want to do and if you run into issues let us know what is not working for you. Configuration is simply in the configuration guides found here: http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/c onfi g.html I am assuming you are using 8.3 since your other questions where in relation to this version. Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: <mailto:[email protected]> [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: <http://www.ipexpert.com/chat> www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at <http://www.ipexpert.com/communities> www.ipexpert.com/communities and our public website at <http://www.ipexpert.com/> www.ipexpert.com From: [email protected] [mailto:[email protected]] On Behalf Of Paul Tribe Sent: Wednesday, November 10, 2010 11:23 AM To: [email protected] Subject: [OSL | CCIE_Security] Cisco ASA - VPN and NAT Hi Can anyone tell me if an ASA that has a single public IP address (On the outside interface), is able to support both VPN and Static NAT with Port Numbers configuration at the same time. I seem to remember having issues with this in a lab in the past. It would be even more useful if some one could point me to a configuration example. Regards Paul Confidentiality Statement This email (and any attachment) is confidential and may be legally privileged. It is intended solely for the use of the individual or entity to whom it is addressed. If you received this message in error please tell us by reply (or telephone the sender) and delete all copies on your system. Any review, dissemination, distribution, copying or other use of this communication or the information in it is strictly prohibited. The sender does not accept liability for any errors or omissions Whilst Nowcomm have taken reasonable precautions to ensure that any attachments to this email has been swept for viruses, we cannot accept liability for any damage sustained as a result of software viruses and would advise that you carry out your own virus checks before opening any attachment. HELP THE ENVIRONMENT - THINK BEFORE YOU PRINT! Do you really need to print a copy of this email? If you do need to print remember to consider economy printer settings. Internal Virus Database is out of date. Checked by AVG - www.avg.com Version: 9.0.829 / Virus Database: 271.1.1/2925 - Release Date: 06/08/10 03:05:00 "This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank you." ''Ce message et tous les documents joints sont ? l'attention exclusive du destinataire de ce message et peuvent contenir de l'information confidentielle ou privil?gi?e. Si vous n'?tes pas le destinataire vis?, toute divulgation, copie, utilisation ou distribution de l'information contenue dans ce message et les documents joints est interdite. Si vous avez re?u ce message par erreur, veuillez nous le faire savoir par courriel imm?diatement et supprimer de fa?on permanente ce message et les documents joints. Merci.'' _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
