Solved

Cisco 5510 P2P VPN with double NAT (NAT Internal network to different range)

Posted on 2006-06-22
3
772 Views
Last Modified: 2013-11-16
I need to setup a point to point VPN where we need to map our internal address range to a different range because the network is already in use on the other side.

So we have an internal network of 192.168.2.X 255.255.255.0 currently NAT'ed to our outside interface IP. Since that range is in use on the other side of the VPN, I need to make it look like 192.168.22.X to the other side of the VPN.

Can anyone help?
Thanks
0
Comment
Question by:willp2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 13

Expert Comment

by:prashsax
ID: 16963077
This examples show you how to configure IPSec tunnel with duplicate LAN on each side.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800b07ed.shtml

0
 
LVL 9

Accepted Solution

by:
stressedout2004 earned 500 total points
ID: 16973562
Here's what you need to do:

192.168.8.0 is the internal subnet of the remote VPN peer

1) access-list nat_vpn permit ip 192.168.2.0 255.255.255.0 192.168.8.0 255.255.255.0
2) static (inside, outside) 192.168.22.0 access-list nat_vpn
3) access-list vpn_acl permit ip 192.168.22.0 255.255.255.0 192.168.8.0 255.255.255.0
4) crypto map sample_map 10 match address vpn_acl

#1 defines the NAT match condition.
#2 defines the static NAT, what it does is that whenever traffic from 192.168.2.0/24 tries to go to 192.168.8.0, it will translate 192.168.2.x to 192.168.22.x
#3 changes the match address for the VPN, NAT will take place before encryption so traffic will be coming from 192.168.22.x instead of 192.168.2.x
#4 applies the new match address to the existing crypto map.





















0
 
LVL 1

Author Comment

by:willp2
ID: 16973920
Thanks, I had figured this out, but your answer is pretty much exactly what I ended up doing.  

Thanks again for your comments!
0

Featured Post

Enroll in July's Course of the Month

July's Course of the Month is now available! Enroll to learn HTML5 and prepare for certification. It's free for Premium Members, Team Accounts, and Qualified Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question