Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cisco cryptomap VPN *with* NAT

Posted on 2011-03-08
3
Medium Priority
?
386 Views
Last Modified: 2012-08-13
Ok, normally when we create crypto map VPNs we dont want NAT to take place. In this case, I need to perform NAT hide behind a single IP address across the VPN connection.

How is this achieved with a cryptomap VPN? Im pretty sure I could do it no problem with a GRE tunnel based VPN.
0
Comment
Question by:Klinkeye
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 6

Accepted Solution

by:
alienXeno earned 1500 total points
ID: 35081292
You can applu "ip nat oustside and "crypto map" on your WAN connectio nand use "ip nat isnide" on the LAN interface. You will then need to defin NAT POOL which will have aCL that will define which traffic needs to be NATted.
0
 
LVL 4

Author Comment

by:Klinkeye
ID: 35084050
So is the order in packet processing something like this:
ACL > NAT > VPN ENCAPSULATION > ROUTING ?
0
 
LVL 4

Author Closing Comment

by:Klinkeye
ID: 35259897
Was close to the final solution. A little more config was required in my case.
0

Featured Post

Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While it is possible to put two routes in place with the secondary having a higher metric, this may not always work. In the event of a failure that does not bring down the physical interface on the router the primary route is not removed. There is a…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question