Solved

Cisco 5510 P2P VPN with double NAT (NAT Internal network to different range)

Posted on 2006-06-22
3
765 Views
Last Modified: 2013-11-16
I need to setup a point to point VPN where we need to map our internal address range to a different range because the network is already in use on the other side.

So we have an internal network of 192.168.2.X 255.255.255.0 currently NAT'ed to our outside interface IP. Since that range is in use on the other side of the VPN, I need to make it look like 192.168.22.X to the other side of the VPN.

Can anyone help?
Thanks
0
Comment
Question by:willp2
3 Comments
 
LVL 13

Expert Comment

by:prashsax
ID: 16963077
This examples show you how to configure IPSec tunnel with duplicate LAN on each side.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800b07ed.shtml

0
 
LVL 9

Accepted Solution

by:
stressedout2004 earned 500 total points
ID: 16973562
Here's what you need to do:

192.168.8.0 is the internal subnet of the remote VPN peer

1) access-list nat_vpn permit ip 192.168.2.0 255.255.255.0 192.168.8.0 255.255.255.0
2) static (inside, outside) 192.168.22.0 access-list nat_vpn
3) access-list vpn_acl permit ip 192.168.22.0 255.255.255.0 192.168.8.0 255.255.255.0
4) crypto map sample_map 10 match address vpn_acl

#1 defines the NAT match condition.
#2 defines the static NAT, what it does is that whenever traffic from 192.168.2.0/24 tries to go to 192.168.8.0, it will translate 192.168.2.x to 192.168.22.x
#3 changes the match address for the VPN, NAT will take place before encryption so traffic will be coming from 192.168.22.x instead of 192.168.2.x
#4 applies the new match address to the existing crypto map.





















0
 
LVL 1

Author Comment

by:willp2
ID: 16973920
Thanks, I had figured this out, but your answer is pretty much exactly what I ended up doing.  

Thanks again for your comments!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
PCI Compliance and Open SQL ports 8 76
Itunes Thru ISA 2000 Server 2 122
Windows Firewall Rules for WMI and multiple subnets 4 85
Windows Firewall Dropping Allowed Packets 7 245
If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question