Solved

Cisco 5510 P2P VPN with double NAT (NAT Internal network to different range)

Posted on 2006-06-22
Last Modified: 2013-11-16
I need to set up a point-to-point VPN where we need to map our internal address range to a different range because the network is already in use on the other side.

So we have an internal network of 192.168.2.X 255.255.255.0 currently NAT'ed to our outside interface IP. Since that range is in use on the other side of the VPN, I need to make it look like 192.168.22.X to the other side of the VPN.

Can anyone help?
Thanks
Question by:willp2
3 Comments
 

Expert Comment

by:prashsax
This example shows you how to configure an IPSec tunnel with a duplicate LAN on each side.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800b07ed.shtml


Accepted Solution

by:stressedout2004 earned 500 total points
Here's what you need to do:

192.168.8.0 is the internal subnet of the remote VPN peer

1) access-list nat_vpn permit ip 192.168.2.0 255.255.255.0 192.168.8.0 255.255.255.0
2) static (inside, outside) 192.168.22.0 access-list nat_vpn
3) access-list vpn_acl permit ip 192.168.22.0 255.255.255.0 192.168.8.0 255.255.255.0
4) crypto map sample_map 10 match address vpn_acl

#1 defines the NAT match condition.
#2 defines the static NAT: whenever traffic from 192.168.2.0/24 tries to go to 192.168.8.0, it will translate 192.168.2.x to 192.168.22.x.
#3 changes the match address for the VPN. NAT will take place before encryption, so traffic will be coming from 192.168.22.x instead of 192.168.2.x.
#4 applies the new match address to the existing crypto map.
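The order of operations described in steps 1 to 4 above, as an added Python model that is not part of the original answer and is not Cisco code. It shows why the crypto ACL has to be written against 192.168.22.0/24 once the policy NAT is in place. Function names and the sample host addresses are constructed for illustration; the existing interface PAT for other traffic is not modelled.

```python
import ipaddress

# Networks taken from the answer above.
NAT_VPN = (ipaddress.ip_network("192.168.2.0/24"), ipaddress.ip_network("192.168.8.0/24"))
MAPPED_NET = ipaddress.ip_network("192.168.22.0/24")
VPN_ACL = (MAPPED_NET, ipaddress.ip_network("192.168.8.0/24"))
OLD_VPN_ACL = NAT_VPN  # a crypto ACL still written against the real (pre-NAT) addresses


def acl_match(acl, src, dst):
    """True when src and dst fall inside the ACL's source and destination networks."""
    return src in acl[0] and dst in acl[1]


def policy_static_nat(src, dst):
    """Net-to-net static NAT: keep the host bits, swap the network bits.
    Applied only when the flow matches nat_vpn; other flows are returned unchanged."""
    if not acl_match(NAT_VPN, src, dst):
        return src
    host_bits = int(src) - int(NAT_VPN[0].network_address)
    return MAPPED_NET.network_address + host_bits


def process(src, dst, crypto_acl=VPN_ACL):
    """Model the order the answer describes: NAT first, then the crypto map match.
    Returns (source address after policy NAT, whether the flow enters the tunnel)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    translated = policy_static_nat(src, dst)
    return str(translated), acl_match(crypto_acl, translated, dst)


def return_path(dst_mapped):
    """Un-translate a reply from the peer that is addressed to the mapped range."""
    dst = ipaddress.ip_address(dst_mapped)
    if dst not in MAPPED_NET:
        return str(dst)
    offset = int(dst) - int(MAPPED_NET.network_address)
    return str(NAT_VPN[0].network_address + offset)


if __name__ == "__main__":
    # Constructed sample flows: one to the remote LAN, one to an unrelated address.
    for s, d in [("192.168.2.57", "192.168.8.10"), ("192.168.2.57", "8.8.8.8")]:
        print(s, "->", d, process(s, d))
    # With the old crypto ACL the translated source no longer matches, so nothing is encrypted.
    print("old crypto ACL:", process("192.168.2.57", "192.168.8.10", OLD_VPN_ACL))
    print("reply to 192.168.22.57 lands on", return_path("192.168.22.57"))
```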
 

Author Comment

by:willp2
Thanks, I had figured this out, but your answer is pretty much exactly what I ended up doing.  

Thanks again for your comments!