Nat multiple Subnets to One IP (Cisco)

TestMonkey
I need to set up an IPsec tunnel, and right now we have multiple subnets on both sides, so the access list is quite long. How do we make it so that all subnets just NAT to one IP which understands the other end's IP translations?

Commented:
You should use a netmask to consolidate. NAT to one IP in general will not give you what you need.
Istvan Kalmar, Head of IT Security Division
Top Expert 2010

Commented:
It is better not to NAT it to only one address; afterwards, troubleshooting is much harder if there is a problem somewhere.

object-group network

for example:

object-group network VPN
 network-object 192.168.0.0 255.255.254.0
 network-object 192.168.2.0 255.255.254.0

access-list VPN_access_in extended permit ip 192.168.100.0 255.255.255.0 object-group VPN

Author

Commented:
ikalmar, you're everywhere dude :P lol

So I don't need to set that VPN_access and assign it to an Ethernet port?

Basically it's 5 subnets on my side and 5 on their side; we both feel that having a config on both sides also makes it so those subnets are no longer usable to us. What we are considering is having a single config; it's all just IPsec.

object-group network VPN
 network-object 192.168.0.0 255.255.254.0
 network-object 192.168.2.0 255.255.254.0

Can you explain this a little better?

Commented:
If you can list the subnets on both sides, we can help you come up with a better netmask to simplify your VPN.
Head of IT Security Division
Top Expert 2010
Commented:
In this case you have only one ACL row, and you define the subnets behind the object group.

Please refer to this guide:

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/command/reference/objecgrp.pdf
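
The two suggestions in this thread (consolidating with a netmask, and an object-group behind a single ACL row) can be compared with the following Python script, which is an added example and not code from any poster. It merges subnets exactly, renders the object-group and ACL in the syntax shown above, and reports how many unintended addresses a single covering netmask would admit into the tunnel; the 192.168.10.0/24 subnet is a constructed sample.

```python
import ipaddress

def consolidate(subnets):
    """Exact merge: fewest prefixes covering the same addresses and nothing more."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    return list(ipaddress.collapse_addresses(nets))

def single_supernet(subnets):
    """One covering prefix, plus the count of addresses it adds beyond the originals."""
    nets = consolidate(subnets)
    cover = nets[0]
    while not all(n.subnet_of(cover) for n in nets):
        cover = cover.supernet()  # widen by one bit until everything fits
    extra = cover.num_addresses - sum(n.num_addresses for n in nets)
    return cover, extra

def asa_config(group, local, remote_subnets, acl="VPN_access_in"):
    """Render an object-group and a one-row ACL in the style used in the thread."""
    lines = [f"object-group network {group}"]
    for n in consolidate(remote_subnets):
        lines.append(f" network-object {n.network_address} {n.netmask}")
    src = ipaddress.ip_network(local)
    lines.append(f"access-list {acl} extended permit ip "
                 f"{src.network_address} {src.netmask} object-group {group}")
    return "\n".join(lines)

# The two /23 networks from the thread's object-group example.
THREAD = ["192.168.0.0/255.255.254.0", "192.168.2.0/255.255.254.0"]
# Constructed sample: the same networks plus one non-adjacent subnet.
SCATTERED = THREAD + ["192.168.10.0/24"]

if __name__ == "__main__":
    # The two adjacent /23s merge into one /22 with no extra addresses.
    print(asa_config("VPN", "192.168.100.0/24", THREAD))
    # A single netmask over scattered subnets permits space nobody listed.
    cover, extra = single_supernet(SCATTERED)
    print(f"covering prefix {cover} admits {extra} unlisted addresses")
```

When the extra-address count is nonzero, the object-group form keeps the tunnel's permitted traffic limited to the subnets actually listed, while still leaving only one ACL row.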
