Solved

Help configuring Site-Site VPN Using NAT on Cisco 2811

Posted on 2009-05-20
Last Modified: 2012-05-07
I need to set up a site-to-site VPN between my office and a customer office.
This VPN will be used for about 30 specific PCs in the customer's environment, each on a separate subnet, one on a subnet that matches mine. Because of the matching subnet, they have asked me to NAT all incoming traffic as though it were from 10.100.120.1.
Can someone provide the router instructions for me to configure this?

Office equipment:  Cisco 2811 IOS c2800nm-advipservicesk9-mz.124-24.T
Office outside:  1.2.0.1
Office inside:  192.168.3.0

Customer outside:  2.3.0.1
Customer inside:  A list of 30 machines including one at 192.168.3.100

NAT source address to 10.100.120.1

VPN Requirements:
Phase 1:
      Mode:  Main
      Pre-Shared Key:  THISISTHEKEY
      Encryption:  3DES
      Authentication:  MD5
      SA Lifetime:  28800
      DH Group:  Group 2
Phase 2:
      Protocol:  ESP
      Encryption:  3DES
      Authentication:  MD5
      SA Lifetime:  86400
      Encapsulation:  Tunnel

      

Question by:tward000

Accepted Solution

by:ksims1129
ksims1129 earned 250 total points
ID: 24435778
They would need to do some translation on their side to help, since you both have a 192.168.3.0 subnet.

Author Comment

by:tward000
ID: 24435901
I had assumed that if all of my outbound traffic is NAT'ed to the source address 10.100.120.1 then they would only have to route traffic for 10.100.120.1 back to me without having to translate. Is that assumption incorrect?

Assisted Solution

by:ksims1129
ksims1129 earned 250 total points
ID: 24435994
Yes, that's correct, but in order for your traffic to NAT to that address you have to tell the NAT process what to translate. If you're going to send traffic to the customer's 192.168.3.0, your customer would have to set up a NAT rule for an additional subnet that you can translate to in order for traffic to make it across. For instance, if you have a packet originating from 192.168.3.54 on your network to 192.168.3.11 on the customer site, then by the nature of TCP/IP it will ARP for the MAC address of the computer on the local network to send the packet to. In order for this to work you need the other end to NAT their traffic so 192.168.3.11 on their end looks as though it's 10.168.3.11 (or whatever) so that the router can differentiate what traffic is destined to where.
0
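
What the approach discussed in this thread could look like on the office 2811, as an added example that is not part of the original thread or any poster's configuration: office traffic is translated to 10.100.120.1 only when it is bound for a customer host, and the crypto ACL matches that post-NAT source. The interface names, ACL numbers, CUST-* names, the /24 pool prefix, 172.16.50.10 (a stand-in for one of the 30 hosts) and 10.168.3.100 (an alias the customer would have to NAT 192.168.3.100 to, as the answer above describes) are assumptions.

```cisco
! Added example; constructed values are listed in the lead-in above.
!
! Phase 1, as specified in the question. 3DES, MD5 and DH group 2 are
! legacy algorithms, kept here only because the peer requires them.
crypto isakmp policy 10
 encryption 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key THISISTHEKEY address 2.3.0.1
!
! Phase 2: ESP with 3DES and MD5, tunnel mode.
crypto ipsec transform-set CUST-TS esp-3des esp-md5-hmac
 mode tunnel
!
! On the inside-to-outside path IOS applies NAT before the crypto map
! check, so interesting traffic is matched on the translated source.
access-list 120 permit ip host 10.100.120.1 host 172.16.50.10
access-list 120 permit ip host 10.100.120.1 host 10.168.3.100
!
crypto map CUST-MAP 10 ipsec-isakmp
 set peer 2.3.0.1
 set transform-set CUST-TS
 set security-association lifetime seconds 86400
 match address 120
!
! PAT office hosts to 10.100.120.1 only for customer destinations.
! 192.168.3.100 itself is never listed: office hosts treat it as on-link
! and ARP for it locally, so the packet would not reach this router.
access-list 110 permit ip 192.168.3.0 0.0.0.255 host 172.16.50.10
access-list 110 permit ip 192.168.3.0 0.0.0.255 host 10.168.3.100
ip nat pool CUST-POOL 10.100.120.1 10.100.120.1 prefix-length 24
ip nat inside source list 110 pool CUST-POOL overload
!
interface FastEthernet0/1
 description Office inside (192.168.3.0)
 ip nat inside
!
interface FastEthernet0/0
 description Office outside (1.2.0.1)
 ip nat outside
 crypto map CUST-MAP
```

If the router already overloads 192.168.3.0 to the outside interface for Internet access, that rule's ACL needs deny entries for the same customer destinations so those flows are translated by CUST-POOL instead. `show crypto ipsec sa` should then list 10.100.120.1 as the local identity once traffic flows.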
