VPN Tunnel IPSEC L2L VPN NAT not acting as intended

Showing results for 
Show  only  | Search instead for 
Did you mean: 

VPN Tunnel IPSEC L2L VPN NAT not acting as intended

L0 Member

I am Labbing up a configuration I am about to go live with in production but it is not acting as it should when trying to apply a NAT rule to a tunnel interface. When I apply individual rules to the vpn traffic as I would like it to act I am not getting the intended result. I have to select bi-direction to get the NAT rule to act as it should. It works that way but it bugs me on why it is not working as intdended. 




NAT Rules

NameSrc ZoneDest zonedest intsrc addrdest addsservicesrc translationdest translation
bi-directional: no
VPN-INVPNVPN anyany10.0.110.0/24anynoneaddress

If I change bi-directional to yes on VPN out the both directions work. If I leave it as NO the traffic does not hit VPN-IN no matter what I do. 


any suggestions of what is going on is greatly appreciated. 





Cyber Elite
Cyber Elite


If you are using a bi-directional NAT. I would recommend you set it to yes. This prevent asymmetric routing and could cause applications to fail.

Here is an article that may help.



Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!