Multiple VPNs to different companies using the same IP address range

kaachary Fri, 03/09/2007 - 04:50
User Badges:
  • Cisco Employee,

Yes, you can have the subnet natted specifically for this tunnel.


You can use policy based natting for this.

It's always a good idea to do NAT on both ends, to avoid complexity in the config.



*Please rate if this helped.


-Kanishka

kaachary Fri, 03/09/2007 - 05:10
User Badges:
  • Cisco Employee,

Giving you an example:


Let's say the network on both the ends is 192.168.1.0/24.


On the WatchGuard they NAT it to 192.168.2.0/24.


On your side, say, you NAT it to 192.168.3.0/24.


The policy nat statements would be like this:


1: Create an ACL to identify the traffic:

access-list policy_nat permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0


Define a static NAT with policy:


static (inside,outside) 192.168.3.0 access-list policy_nat


And your crypto ACL would look like:


access-list cry_acl permit ip 192.168.3.0 255.255.255.0 192.168.2.0 255.255.255.0


You should be good to go!


*Please rate if helped.


-Kanishka
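
Added example, not part of the original thread: a Python sketch that extends the reply's single tunnel to several peers that all use 192.168.1.0/24, checks the planned ranges for overlaps before any config is applied, and prints the three statements per tunnel. The "partner_b" peer, its ranges, the per-peer ACL names and the rule that any overlap between ranges is a problem are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

REAL = ipaddress.ip_network("192.168.1.0/24")  # range used on both ends (from the post)

# Constructed plan: peer -> (range we present to the peer, range the peer presents to us).
# "watchguard" uses the post's values; "partner_b" is a hypothetical second company.
TUNNELS = {
    "watchguard": ("192.168.3.0/24", "192.168.2.0/24"),
    "partner_b": ("192.168.5.0/24", "192.168.4.0/24"),
}

def translate(host, real, mapped):
    """Network static NAT is 1:1: the host offset is kept, only the prefix changes."""
    real, mapped = ipaddress.ip_network(real), ipaddress.ip_network(mapped)
    host = ipaddress.ip_address(host)
    if host not in real or real.prefixlen != mapped.prefixlen:
        raise ValueError(f"{host} cannot be mapped from {real} to {mapped}")
    return mapped.network_address + (int(host) - int(real.network_address))

def plan_problems(real, tunnels):
    """List overlapping ranges; any overlap is treated as ambiguous (assumption)."""
    nets = [("real", real)]
    for peer, (ours, theirs) in tunnels.items():
        nets.append((f"{peer} local-mapped", ipaddress.ip_network(ours)))
        nets.append((f"{peer} peer-mapped", ipaddress.ip_network(theirs)))
    return [f"{a} {x} overlaps {b} {y}"
            for (a, x), (b, y) in combinations(nets, 2) if x.overlaps(y)]

def _fmt(net):
    return f"{net.network_address} {net.netmask}"

def config_lines(peer, real, ours, theirs):
    """Emit the post's three statements for one tunnel, with per-peer ACL names."""
    ours, theirs = ipaddress.ip_network(ours), ipaddress.ip_network(theirs)
    return [
        f"access-list policy_nat_{peer} permit ip {_fmt(real)} {_fmt(theirs)}",
        f"static (inside,outside) {ours.network_address} access-list policy_nat_{peer}",
        f"access-list cry_acl_{peer} permit ip {_fmt(ours)} {_fmt(theirs)}",
    ]

if __name__ == "__main__":
    for problem in plan_problems(REAL, TUNNELS):
        print("PROBLEM:", problem)
    for peer, (ours, theirs) in TUNNELS.items():
        print("\n".join(config_lines(peer, REAL, ours, theirs)))
    print(translate("192.168.1.25", REAL, "192.168.3.0/24"))
```

The crypto ACL lines use the translated source range, matching the reply's cry_acl, so traffic still addressed from 192.168.1.0/24 would not match the tunnel.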

