Solved

Cisco 5510 P2P VPN with double NAT (NAT Internal network to different range)

Posted on 2006-06-22
Last Modified: 2013-11-16
I need to set up a point to point VPN where we need to map our internal address range to a different range because the network is already in use on the other side.

So we have an internal network of 192.168.2.X 255.255.255.0 currently NAT'ed to our outside interface IP. Since that range is in use on the other side of the VPN, I need to make it look like 192.168.22.X to the other side of the VPN.

Can anyone help?
Thanks
Question by:willp2
3 Comments
 
LVL 13

Expert Comment

by:prashsax
ID: 16963077
This example shows you how to configure an IPSec tunnel with a duplicate LAN on each side.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800b07ed.shtml

0
 
LVL 9

Accepted Solution

by:
stressedout2004 earned 2000 total points
ID: 16973562
Here's what you need to do:

192.168.8.0 is the internal subnet of the remote VPN peer

1) access-list nat_vpn permit ip 192.168.2.0 255.255.255.0 192.168.8.0 255.255.255.0
2) static (inside,outside) 192.168.22.0 access-list nat_vpn
3) access-list vpn_acl permit ip 192.168.22.0 255.255.255.0 192.168.8.0 255.255.255.0
4) crypto map sample_map 10 match address vpn_acl

#1 defines the NAT match condition.
#2 defines the static NAT. What it does is that whenever traffic from 192.168.2.0/24 tries to go to 192.168.8.0, it will translate 192.168.2.x to 192.168.22.x.
#3 changes the match address for the VPN. NAT will take place before encryption, so traffic will be coming from 192.168.22.x instead of 192.168.2.x.
#4 applies the new match address to the existing crypto map.

0
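
Added example, not part of the original thread: a small Python audit that checks the point made in #3 above, that the crypto map's match ACL must name the translated source because NAT happens before encryption. The function name `audit`, the sample text and the supported ACE form (`permit ip <net> <mask> <net> <mask>` only, no `host`/`any`) are assumptions of this sketch.

```python
import ipaddress
import re

# Constructed sample: the four commands from the answer, addresses as given there.
SAMPLE = """\
access-list nat_vpn permit ip 192.168.2.0 255.255.255.0 192.168.8.0 255.255.255.0
static (inside,outside) 192.168.22.0 access-list nat_vpn
access-list vpn_acl permit ip 192.168.22.0 255.255.255.0 192.168.8.0 255.255.255.0
crypto map sample_map 10 match address vpn_acl
"""

ACE = re.compile(r"access-list (\S+) (?:extended )?permit ip (\S+) (\S+) (\S+) (\S+)$")
STATIC = re.compile(r"static \(\w+,\s*\w+\) (\S+) access-list (\S+)$")
CRYPTO = re.compile(r"crypto map (\S+) \d+ match address (\S+)$")


def audit(config):
    """Return findings where a crypto ACL does not match the post-NAT source."""
    acls, statics, crypto_acls = {}, [], {}
    for line in (l.strip() for l in config.splitlines()):
        if m := ACE.match(line):
            src = ipaddress.ip_network(f"{m[2]}/{m[3]}")
            dst = ipaddress.ip_network(f"{m[4]}/{m[5]}")
            acls.setdefault(m[1], []).append((src, dst))
        elif m := STATIC.match(line):
            statics.append((m[1], m[2]))
        elif m := CRYPTO.match(line):
            crypto_acls[m[2]] = m[1]
    # Every (source, destination) pair selected for encryption, by crypto ACL name.
    protected = {ace: name for name in crypto_acls for ace in acls.get(name, [])}
    findings = []
    for mapped_base, nat_acl in statics:
        for real_src, dst in acls.get(nat_acl, []):
            # Policy static NAT maps the real network onto a same-size mapped one.
            mapped = ipaddress.ip_network(f"{mapped_base}/{real_src.prefixlen}", strict=False)
            if (real_src, dst) in protected:
                findings.append(f"{protected[(real_src, dst)]} matches pre-NAT source "
                                f"{real_src}; NAT runs before encryption, use {mapped}")
            if (mapped, dst) not in protected:
                findings.append(f"no crypto ACL entry for {mapped} -> {dst}")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE) or "crypto ACL matches translated addresses")
```

An empty result means the tunnel's interesting-traffic ACL agrees with the policy NAT; the remote peer's ACL must mirror the same 192.168.22.0/24 range for the security associations to match.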
 
LVL 1

Author Comment

by:willp2
ID: 16973920
Thanks, I had figured this out, but your answer is pretty much exactly what I ended up doing.  

Thanks again for your comments!
0
