Double Nat Site-to-Site VPN Pix

supertoaster2 · ‎07-04-2007

I need to double-nat a site-to-site VPN because both sites are using the same ip address range, can any one assist?

Jon Marshall · ‎07-04-2007

Hi

Site 1 subnet 192.168.1.0

Site 2 subnet 192.168.1.0

Site 1 NAT subnet 172.16.5.0

Site 2 NAT subnet 172.16.6.0

Site 1

======

access-list pnat permit ip 192.168.1.0 255.255.255.0 172.16.6.0 255.255.255.0

nat (inside) 2 access-list pnat

global (outside) 2 172.16.5.0 255.255.255.0

Your crypto access-list will read

access-list vpntraffic permit ip 172.16.5.0 255.255.255.0 172.16.6.0 255.255.255.0

Site 2

======

access-list pnat permit ip 192.168.1.0 255.255.255.0 172.16.5.0 255.255.255.0

nat (inside) 2 access-list pnat

global (outside) 2 172.16.6.0 255.255.255.0

Your crypto access-list will read

access-list vpntraffic permit ip 172.16.6.0 255.255.255.0 172.16.5.0 255.255.255.0

HTH

Jon

supertoaster2 · ‎07-04-2007

Thank you Jon