Cisco 5510 P2P VPN with double NAT (NAT Internal network to different range)

I need to set up a point-to-point VPN where we need to map our internal address range to a different range because the network is already in use on the other side.

So we have an internal network of 192.168.2.X 255.255.255.0 currently NAT'ed to our outside interface IP. Since that range is in use on the other side of the VPN, I need to make it look like 192.168.22.X to the other side of the VPN.

Can anyone help?
Thanks
Asked by: willp2

stressedout2004 commented:
Here's what you need to do:

192.168.8.0 is the internal subnet of the remote VPN peer

1) access-list nat_vpn permit ip 192.168.2.0 255.255.255.0 192.168.8.0 255.255.255.0
2) static (inside,outside) 192.168.22.0 access-list nat_vpn
3) access-list vpn_acl permit ip 192.168.22.0 255.255.255.0 192.168.8.0 255.255.255.0
4) crypto map sample_map 10 match address vpn_acl

#1 defines the NAT match condition.
#2 defines the static NAT: whenever traffic from 192.168.2.0/24 tries to go to 192.168.8.0, it will translate 192.168.2.x to 192.168.22.x.
#3 changes the match address for the VPN. NAT will take place before encryption, so traffic will be coming from 192.168.22.x instead of 192.168.2.x.
#4 applies the new match address to the existing crypto map.

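Added example (not part of the original answer, and not ASA code): a small Python model of the processing order the answer describes, policy NAT first and crypto ACL match second, showing why the crypto ACL in step 3 must name 192.168.22.0 rather than 192.168.2.0. The function names and sample host addresses are constructed for illustration, and the existing outside-interface NAT for other traffic is not modelled.

```python
import ipaddress

# Subnets taken from the answer above; host addresses used below are constructed samples.
REAL = ipaddress.ip_network("192.168.2.0/24")     # inside LAN
MAPPED = ipaddress.ip_network("192.168.22.0/24")  # what the VPN peer should see
REMOTE = ipaddress.ip_network("192.168.8.0/24")   # peer's internal subnet

def policy_nat(src, dst):
    """Steps 1-2: translate src only when (src, dst) matches nat_vpn; host bits are kept."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src in REAL and dst in REMOTE:
        return MAPPED.network_address + (int(src) - int(REAL.network_address))
    return src  # this rule does not apply to other destinations

def matches_crypto_acl(src, dst, acl_source):
    """Steps 3-4: the crypto map match is evaluated on the post-NAT source."""
    return (ipaddress.ip_address(src) in acl_source
            and ipaddress.ip_address(dst) in REMOTE)

def outbound(src, dst, acl_source=MAPPED):
    """Return (source address after NAT, whether the packet is selected for the tunnel)."""
    translated = policy_nat(src, dst)
    return str(translated), matches_crypto_acl(translated, dst, acl_source)

def inbound_untranslate(src, dst):
    """Replies from the peer to 192.168.22.x are mapped back to the real inside host."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src in REMOTE and dst in MAPPED:
        return str(REAL.network_address + (int(dst) - int(MAPPED.network_address)))
    return str(dst)

if __name__ == "__main__":
    # Translated and selected for encryption with the step 3 ACL.
    print(outbound("192.168.2.10", "192.168.8.5"))
    # Same packet, but crypto ACL still written with the real range: no match.
    print(outbound("192.168.2.10", "192.168.8.5", acl_source=REAL))
    # Traffic to any other destination is untouched by the policy static.
    print(outbound("192.168.2.10", "203.0.113.9"))
    # Return direction through the same static.
    print(inbound_untranslate("192.168.8.5", "192.168.22.10"))
```

The second call is the common failure mode: if the crypto ACL keeps 192.168.2.0 as its source, the already-translated packet never matches and is not sent through the tunnel.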
prashsax commented:
This example shows you how to configure an IPSec tunnel with a duplicate LAN on each side.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800b07ed.shtml

willp2 (author) commented:
Thanks, I had figured this out, but your answer is pretty much exactly what I ended up doing.  

Thanks again for your comments!