• Status: Solved
  • Priority: Medium
  • Security: Public

Cisco Hide NAT

Hi, I want to hide an IP range to another IP range on a Cisco 4500 without affecting any other traffic from either of these 2 ranges.

What I am looking for is something like this

NAT 10.10.10.*/24 behind 10.1.1.200 only when talking to 192.168.*.*/16

Any ideas?
Asked:
ronanfitz
2 Solutions
 
Istvan Kalmar (Head of IT Security Division) Commented:
Are you able to add the 'ip nat inside' command to the VLAN interface?
 
ronanfitz (Author) Commented:
The 10.10.10 range is not a VLAN; it comes in on an ASA for VPN users.
 
Istvan Kalmar (Head of IT Security Division) Commented:
OK, you need to create a rule on the ASA.

 
ronanfitz (Author) Commented:
The ASA connects to the 4500 on 10.2, so we can't put a hide NAT behind a 10.1 address there.
 
Istvan Kalmar (Head of IT Security Division) Commented:
you able to create NAT on ASA
 
ronanfitz (Author) Commented:
Yep, the scenario is: a client comes in on a client-site VPN on 10.10.10.* and needs to go out over a site-site VPN to 192.168.*.*
 
Don Johnston (Instructor) Commented:
Why not use a permit for the 10.10.10.0 addresses in the ACL associated with the NAT statement?
 
ronanfitz (Author) Commented:
We have that in and the traffic doesn't get to the destination. I can't see any traffic on the B end of the site-to-site coming from 10.10.10.*
 
Don Johnston (Instructor) Commented:
Please post the config.
 
ronanfitz (Author) Commented:
Hi Don,

Got it sorted; the problem was due to the 2 VPNs terminating on the same interface. Here is the link to the solution:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml#solution2


same-security-traffic permit intra-interface

aka “Hairpinning”

Allowing peers connected to the same interface to communicate with each other.

Thanks for the assistance
 
ronanfitz (Author) Commented:
Answers helped me find the solution, but weren't the actual solution.
Question has a verified solution.
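
The hairpinning fix from the thread, combined with the conditional hide NAT asked for in the question, as an added example that is not from the original posts. It assumes pre-8.3 ASA syntax and that both VPNs terminate on an interface named `outside`; the ACL names, NAT ID, crypto map name and sequence number are hypothetical.

```cisco
! Added example, not the poster's configuration.
! Assumptions: ASA software 8.2 or earlier, both tunnels on "outside",
! hypothetical names HIDE_VPN_CLIENTS, S2S_CRYPTO, OUTSIDE_MAP, NAT ID 10.

! Hairpinning: allow traffic to enter and leave the same interface.
! Without this, client VPN traffic cannot be turned around into the
! site-to-site tunnel on that interface.
same-security-traffic permit intra-interface

! Policy NAT match: translate only when the VPN client pool talks to
! the remote 192.168.0.0/16 networks. Other traffic from 10.10.10.0/24
! does not match this ACL and is left untranslated by this rule.
access-list HIDE_VPN_CLIENTS extended permit ip 10.10.10.0 255.255.255.0 192.168.0.0 255.255.0.0

! Dynamic PAT: hide the matched traffic behind the single address
! given in the question.
nat (outside) 10 access-list HIDE_VPN_CLIENTS
global (outside) 10 10.1.1.200

! NAT is applied before the crypto map is evaluated, so the
! site-to-site interesting-traffic ACL must match the translated
! source, not 10.10.10.0/24. The peer's ACL needs the mirror entry.
access-list S2S_CRYPTO extended permit ip host 10.1.1.200 192.168.0.0 255.255.0.0
crypto map OUTSIDE_MAP 20 match address S2S_CRYPTO
```

After applying something like this, `show xlate` and `show crypto ipsec sa` on the ASA indicate whether the translation is being built and whether packets are being encapsulated toward the remote site.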
