rmdb
asked on
Help using NAT/PAT over a Cisco IPSec Tunnel
Dear All,
I need help with the following:
I have three sites, A (Core is a Cisco 3560-X), B (Core is a Cisco 3560-X) and C... Site C is from an external entity that's connected to site B’s 2921 router and only accepts connections, from our side, from a /24 network they gave us…
Sites A and B are connected using two Cisco 2921 routers (each is connected directly to a Cisco 3560-X) that use an IPSec tunnel to encapsulate the communication for the internal networks...
Basically I want to reach site C, from site A, but because I need to NAT A’s internal network to the one that C accepts... This network is also declared on site B's 3560-X
How can I achieve this?
Some more information:
Site A internal network: 192.168.1.0/24
Site C network that they accept: 10.10.10.1/24
I know that this may seem very little information, but please ask and I’ll reply.
!
! IOS extended ACLs take a wildcard (inverse) mask, so a /24 is written 0.0.0.255
ip access-list extended sitea-sitec
 permit ip host 192.168.1.2 10.10.10.0 0.0.0.255
 permit ip host 192.168.1.3 10.10.10.0 0.0.0.255
route-map sitea-sitec permit 10
 match ip address sitea-sitec
ip nat outside source static 192.168.1.2 192.168.2.250 route-map sitea-sitec
ip nat outside source static 192.168.1.3 192.168.2.251 route-map sitea-sitec
edit; inside to outside