03-27-2007 01:39 PM - edited 03-11-2019 02:52 AM
We need to establish two site-to-site VPN sessions with different vendors. The problem is that each vendor is requesting us to use a specific IP range that they are providing to us and wants us to statically NAT static (inside,outside) each workstation on our side that will connect to their network.
I am reluctant to do this because the config will become cumbersome but I might have to do it anyway.
This is the first time I have this type of request and was wondering if I can use global (inside) for each private network that we will connect to? Example is attached.
We also have some site-to-site VPNs that don't require this type of setting.
03-27-2007 05:34 PM
Hello,
The easiest way to get this done, in my opinion, would be to use the static command in your policy NAT. Let's say that your internal network is 172.16.1.0/24 and they want you to show up as 192.168.5.0/24. We'll also say the remote network you're trying to reach is 10.15.15.0/24. In that case, you would do something like this:
access-list policy_nat permit ip 172.16.1.0 255.255.255.0 10.15.15.0 255.255.255.0
static (inside,outside) 192.168.5.0 access-list policy_nat
This will translate your network to the desired network only when you try to reach the remote network across the VPN.
Hope this helps!
Bryan
03-28-2007 05:51 AM
I am a bit concerned about using that since I already have an access-list nonat and also have nat (inside) 0 access-list nonat.
The current access-list nonat is used for the existing L-2-L that we have.
04-12-2007 09:41 AM
This posting was helpful since it leads me to my solution. However, the goal was to do a one on one static nat translation.
Thanks,
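
The one-to-one variant this thread ends on, written out as an added example that is not from any of the posters. It reuses the networks from the reply above (172.16.1.0/24 inside, 192.168.5.0/24 assigned by the vendor, 10.15.15.0/24 remote); the two workstation addresses, the ACL names and the crypto map name and sequence number are assumptions, and the syntax is the pre-8.3 PIX/ASA form used in the thread.

```cisco
! Constructed example. Host addresses, ACL names and the crypto map
! name/sequence number are assumptions, not values from the thread.

! One policy-NAT ACL per workstation, matching only traffic that is
! destined for the vendor's network.
access-list vendorA_ws10 permit ip host 172.16.1.10 10.15.15.0 255.255.255.0
access-list vendorA_ws11 permit ip host 172.16.1.11 10.15.15.0 255.255.255.0

! One-to-one static policy NAT into the range the vendor assigned.
! Traffic from these hosts to any other destination is not translated
! by these statements.
static (inside,outside) 192.168.5.10 access-list vendorA_ws10
static (inside,outside) 192.168.5.11 access-list vendorA_ws11

! The crypto ACL (interesting traffic) must use the translated source,
! because NAT is applied before the crypto map is evaluated.
access-list vendorA_crypto permit ip host 192.168.5.10 10.15.15.0 255.255.255.0
access-list vendorA_crypto permit ip host 192.168.5.11 10.15.15.0 255.255.255.0
crypto map outside_map 20 match address vendorA_crypto

! The existing NAT exemption for the other L2L tunnels stays as it is.
! The nonat ACL must not contain an entry covering
! 172.16.1.0/24 -> 10.15.15.0/24: NAT exemption is evaluated before
! static policy NAT, so a matching nonat entry would send the traffic
! untranslated and it would miss the crypto ACL above.
nat (inside) 0 access-list nonat
```

After traffic flows, `show xlate` should list the 192.168.5.x translations and `show crypto ipsec sa` should show the 192.168.5.x addresses as the local identity for this tunnel.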