Cisco Hide NAT

Hi, I want to hide an IP range to another IP range on a Cisco 4500 without affecting any other traffic from either of these 2 ranges.

What I am looking for is something like this

NAT 10.10.10.*/24 behind 10.1.1.200 only when talking to 192.168.*.*/16

Any ideas?
ronanfitz Asked:
Istvan Kalmar, Head of IT Security Division, Commented:
Are you able to add the 'ip nat inside' command to the VLAN interface?
0
ronanfitz, Author, Commented:
The 10.10.10 range is not a VLAN; it comes in on an ASA for VPN users.
0
Istvan Kalmar, Head of IT Security Division, Commented:
OK, you need to create a rule on the ASA.
0
ronanfitz, Author, Commented:
The ASA connects to the 4500 on 10.2, so we can't put a hide NAT behind a 10.1 address there.
0
Istvan Kalmar, Head of IT Security Division, Commented:
you able to create NAT on ASA
0

ronanfitz, Author, Commented:
Yep, the scenario is that the client comes in on a client-site VPN on 10.10.10.* and needs to go out over a site-site VPN to 192.168.*.*
0
Don Johnston, Instructor, Commented:
Why not use a permit for the 10.10.10.0 addresses in the ACL associated with the NAT statement?
0
ronanfitz, Author, Commented:
We have that in and the traffic doesn't get to the destination. I can't see any traffic on the B end of the site-to-site coming from 10.10.10.*
0
Don Johnston, Instructor, Commented:
Please post the config.
0
ronanfitz, Author, Commented:
Hi Don,

Got it sorted; the problem was due to the 2 VPNs terminating on the same interface. Here is the link to the solution:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml#solution2


same-security-traffic permit intra-interface

aka “Hairpinning”

Allowing peers connected to the same interface to communicate with each other.

Thanks for the assistance
0
ronanfitz, Author, Commented:
Answers helped me find the solution, but weren't the actual solution.
0
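How the pieces discussed in this thread fit together on the ASA, as an added configuration sketch that is not from any poster or from the linked Cisco document. It assumes pre-8.3 `nat`/`global` syntax and that both VPNs terminate on an interface named `outside`; the ACL names and NAT ID are hypothetical, while the address ranges are the ones given in the question.

```cisco
! Constructed example. HIDE-TO-REMOTE, S2S-CRYPTO and NAT ID 10 are
! hypothetical names; "outside" is an assumed interface name.

! 1. Hairpinning: let traffic that arrived on an interface leave through
!    the same interface (remote-access VPN in, site-to-site VPN out).
same-security-traffic permit intra-interface

! 2. Policy NAT: translate 10.10.10.0/24 only when the destination is
!    192.168.0.0/16. Other traffic from this range is not matched by
!    this rule.
access-list HIDE-TO-REMOTE extended permit ip 10.10.10.0 255.255.255.0 192.168.0.0 255.255.0.0
nat (outside) 10 access-list HIDE-TO-REMOTE
global (outside) 10 10.1.1.200

! 3. Crypto ACL for the site-to-site tunnel: NAT is applied before the
!    crypto match, so the interesting-traffic ACL must list the
!    translated source, not 10.10.10.0/24.
access-list S2S-CRYPTO extended permit ip host 10.1.1.200 192.168.0.0 255.255.0.0

! Check: a NAT exemption (nat 0 access-list ...) that also matches
! 10.10.10.0/24 -> 192.168.0.0/16 takes precedence over the policy NAT
! above, so that pair must not appear in the exemption ACL.
```

After applying, `show xlate` and `show crypto ipsec sa` indicate whether the translation is created and whether the tunnel's encaps counter increases for the 10.1.1.200 to 192.168.0.0/16 selector.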