asked on

Cisco Hide NAT

Hi I want to hide an IP range to another IP range on a Cisco 4500 without affecting any other traffic from either of these 2 ranges.

What I am looking for is something like this

NAT 10.10.10.*/24 behind 10.1.1.200 only when talking to 192.168.*.*/16

Any ideas?

Istvan Kalmar

you able to add 'ip nat inside' command to VLAN interface?

ronanfitz

ASKER

the 10.10.10 range is not a vlan, it comes in on an ASA for VPN users

Istvan Kalmar

ok, you need to create rule on ASA

ronanfitz

ASKER

the asa conects to the 4500 on 10.2 so we cant put a hide nat behind a 10.1 address there

ASKER CERTIFIED SOLUTION

Istvan Kalmar

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

ronanfitz

ASKER

yep, the scenario is client comes in on a client-site vpn on 10.10.10.* and needs to go out over a site-site vpn to 192.168.*.*

SOLUTION

Don Johnston

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

ronanfitz

ASKER

we hav ethat in and the traffic doesnt get to the destination. I cant see any traffic on the B end of the site to site coming from 10.10.10.*

Don Johnston

Please post the config.

ronanfitz

ASKER

Hi Don,

Got it sorted, the problem was due to the 2 VPN's terminating on the same interface. Here is the link to the solution

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml#solution2

same-security-traffic permit intra-interface

aka “Hairpinning”

Allowing peers connected to the same interface to communicate with each other.

Thanks for the assistance

ronanfitz

ASKER

Answers helped me find the solution, but wasnt the actual solution