adding more than one global inside

Unanswered Question
Mar 27th, 2007

We need to establish two site-to-site VPN sessions with different vendors. The problem is that each vendor is requesting us to use a specific IP range that they are providing to us and wants us to statically NAT (static (inside,outside)) each workstation on our side that will connect to their network.

I am reluctant to do this because the config will become cumbersome but I might have to do it anyway.

This is the first time I have this type of request and was wondering if I can use global (inside) for each private network that we will connect to? Example is attached.

We also have some site-to-site VPNs that don't require this type of setting.



bthibode Tue, 03/27/2007 - 17:34

Hello,


The easiest way to get this done, in my opinion, would be to use the static command in your policy NAT. Let's say that your internal network is 172.16.1.0/24 and they want you to show up as 192.168.5.0/24. We'll also say the remote network you're trying to reach is 10.15.15.0/24. In that case, you would do something like this:


access-list policy_nat permit ip 172.16.1.0 255.255.255.0 10.15.15.0 255.255.255.0


static (inside,outside) 192.168.5.0 access-list policy_nat


This will translate your network to the desired network only when you try to reach the remote network across the VPN.


Hope this helps!


Bryan

Tshi M Wed, 03/28/2007 - 05:51

I am a bit concerned about using that since I already have an access-list nonat and also have nat (inside) 0 access-list nonat.

The current access-list nonat is used for the existing L-2-L that we have.

Tshi M Thu, 04/12/2007 - 09:41

This posting was helpful since it leads me to my solution. However, the goal was to do a one on one static nat translation.


Thanks,
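
Added example, not part of the thread and not Cisco's code: a small Python model of the policy static NAT from bthibode's reply, extended to a second vendor, that reports which source address each peer sees and how an existing nat 0 ACL interacts with it. The vendor B values (192.168.6.0, 10.20.20.0/24, the name policy_nat_b) and the nonat entry are constructed, and the model assumes the PIX/ASA NAT order that goes with this syntax, where NAT exemption is evaluated before static NAT.

```python
import ipaddress as ip

# Constructed config: the two policy_nat lines are from the reply above; the
# vendor B lines and the nonat entry are assumed values for illustration.
CONFIG = """
access-list nonat permit ip 172.16.1.0 255.255.255.0 10.99.0.0 255.255.0.0
access-list policy_nat permit ip 172.16.1.0 255.255.255.0 10.15.15.0 255.255.255.0
access-list policy_nat_b permit ip 172.16.1.0 255.255.255.0 10.20.20.0 255.255.255.0
nat (inside) 0 access-list nonat
static (inside,outside) 192.168.5.0 access-list policy_nat
static (inside,outside) 192.168.6.0 access-list policy_nat_b
"""

def parse(config):
    """Collect ACL entries, nat 0 ACL names and policy statics from the text."""
    acls, exempt, statics = {}, [], []
    for line in config.strip().splitlines():
        t = line.split()
        if t[0] == "access-list":  # access-list NAME permit ip SRC MASK DST MASK
            entry = (ip.ip_network(f"{t[4]}/{t[5]}"), ip.ip_network(f"{t[6]}/{t[7]}"))
            acls.setdefault(t[1], []).append(entry)
        elif t[:3] == ["nat", "(inside)", "0"]:
            exempt.append(t[-1])
        elif t[0] == "static":
            statics.append((ip.ip_address(t[2]), t[-1]))
    return acls, exempt, statics

def translate(config, src, dst):
    """Return the source address the far end sees for a flow src -> dst."""
    acls, exempt, statics = parse(config)
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    # NAT exemption (nat 0 access-list) is checked before static NAT, so a
    # nonat entry that also matches the flow leaves the real address in place.
    for name in exempt:
        if any(src in s and dst in d for s, d in acls[name]):
            return str(src)
    for mapped_base, name in statics:
        for s, d in acls[name]:
            if src in s and dst in d:
                # Network static: host bits carry over, so each workstation
                # gets a fixed one-to-one address in the vendor's range.
                return str(mapped_base + (int(src) - int(s.network_address)))
    return str(src)  # no rule matched (dynamic NAT is not modelled here)

if __name__ == "__main__":
    for dst in ("10.15.15.7", "10.20.20.7", "10.99.1.1"):
        print("172.16.1.25 ->", dst, "seen as", translate(CONFIG, "172.16.1.25", dst))
```

If the nonat ACL is ever widened so that it also covers a vendor's remote network, the model returns the untranslated 172.16.1.x address for that flow, which is the case to check for before adding the policy statics.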
