I have a Cisco 2821 router under my control that I'm connecting to another Cisco router that is not under my control. I'm attempting to set up an IPSEC tunnel between the two routers, working with the IT Engineer of the remote router. The tunnel works fine, except that I need to route a single IP to the remote end and the problem is that it is already in use on the remote network. That IP address is 10.30.1.7. The remote IT Engineer has asked me to NAT that IP address on my end to 10.199.1.7 so that he can route traffic back to me. I have set up many IPSEC tunnels, but I have never NAT'ed the traffic going over the tunnel. Any help would be much appreciated. Below is the config of my router that deals with the tunnel.
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp key test address 66..x.x.x
crypto map CiscoTunnel 1 ipsec-isakmp
 set peer 66.x.x.x
 set security-association lifetime kilobytes 4099445
 set transform-set ESP-3DES-md5
 match address 105
ip nat inside source route-map SDM_RMAP_1 interface Serial0/0/0:0 overload
access-list 101 deny ip host 10.30.1.7 host 172..x.x.x
access-list 101 permit ip any any
access-list 101 permit icmp any any
access-list 105 permit ip host 10.30.1.7 host 172..x.x.x
access-list 105 deny ip any any
access-list 105 permit icmp any any
route-map SDM_RMAP_1 permit 1
 match ip address 101
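One way to configure the translation the post asks about, as an added example that is not part of the original post or of either engineer's configuration. It covers sessions initiated from 10.30.1.7 and relies on IOS translating inside-to-outside traffic before it is checked against the crypto map, so the crypto ACL has to match the translated source. Assumptions: `REMOTE_HOST` is a placeholder for the remote host elided as 172..x.x.x in the post, ACL number 106 and the route-map name `TUNNEL_NAT` are hypothetical, and `ip nat inside` / `ip nat outside` are already set on the interfaces because the overload rule is in use.

```cisco
! Added example. REMOTE_HOST is a placeholder for the remote host
! that the post elides as 172..x.x.x; substitute the real address.
!
! Select only the flow that must be translated for the tunnel.
! (ACL 106 and the route-map name TUNNEL_NAT are hypothetical.)
access-list 106 permit ip host 10.30.1.7 host REMOTE_HOST
!
route-map TUNNEL_NAT permit 10
 match ip address 106
!
! Static translation 10.30.1.7 -> 10.199.1.7, applied only when the
! route-map matches, so the host keeps its normal overload NAT for
! every other destination.
ip nat inside source static 10.30.1.7 10.199.1.7 route-map TUNNEL_NAT
!
! ACL 101 from the post already denies this flow, which keeps it out
! of the SDM_RMAP_1 overload rule. No change is needed there.
!
! The crypto ACL is evaluated after NAT on the way out, so it must
! match the translated source address, not 10.30.1.7.
no access-list 105
access-list 105 permit ip host 10.199.1.7 host REMOTE_HOST
```

After sending traffic from 10.30.1.7, `show ip nat translations` should list 10.199.1.7 as the inside global address, and `show crypto ipsec sa` should show the local ident as 10.199.1.7 with the encaps counter increasing.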