07-12-2007 10:59 AM - edited 02-21-2020 03:09 PM
Hello all,
I have a problem with my VPN.
I have an 1811 router and on the other side there is a concentrator (customer).
I want to NAT the inside hosts to one public IP before the tunnel.
I have attached the config. Please have a look at the config and tell me if the config works or if I have a problem.
Thanks a lot.
07-12-2007 02:05 PM
Hi there, it looks ok except that you will most likely have a NAT problem.
You will probably end up NAT:ing all traffic, not only traffic to 10.10.0.0/16.
In order to NAT based on destination addresses you should use route maps like this. From the top of my head:
access-list 108 permit ip any 10.10.0.0 0.0.255.255
route-map NAT-DST permit 10
 match ip address 108
ip nat inside source route-map NAT-DST pool NATPOOL overload
Something like that.
07-12-2007 10:23 PM
Hi there.
You have created a crypto map called Tunnel, yet applied Tunnelhp.
!
interface FastEthernet0
 no crypto map TUNNELHP
 crypto map TUNNEL
I'd also like more clarification on the first reply.
Tim
07-13-2007 02:02 AM
@timkaye@empired:
Yes, the names are wrong, I forgot to mention that in my post.
What I tried to explain was that when you do destination-based NAT you should use route-maps, because it will always create an extended translation entry.
That will ensure that the packet will only get NAT'd if it matches the route-map statement, even if there is already a NAT entry for the same local IP address.
NAT with an extended ACL will work in most situations, but it could fail as it sometimes creates only a simple translation entry.
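The route-map NAT from the replies, put together with the crypto map it has to cooperate with, as an added example that is not taken from the thread or from the attached config. ACL 108, NAT-DST, NATPOOL, TUNNEL, FastEthernet0 and 10.10.0.0/16 come from the thread; the pool address, peer address, ACL 120, transform-set name TS and inside interface Vlan1 are placeholders. The existing ISAKMP policy and key are assumed unchanged and are not shown.

```cisco
! Constructed example. Placeholder values (not from the thread):
!   192.0.2.10    public address the inside hosts are translated to
!   198.51.100.1  customer concentrator (IPsec peer)
!   Vlan1         inside interface
!
! 1. NAT only traffic destined for the customer network
ip nat pool NATPOOL 192.0.2.10 192.0.2.10 prefix-length 24
access-list 108 permit ip any 10.10.0.0 0.0.255.255
route-map NAT-DST permit 10
 match ip address 108
ip nat inside source route-map NAT-DST pool NATPOOL overload
!
! 2. Crypto ACL. On the inside-to-outside path IOS translates the
!    packet before it checks the crypto map, so the ACL must match the
!    translated source, not the private inside addresses.
access-list 120 permit ip host 192.0.2.10 10.10.0.0 0.0.255.255
!
crypto ipsec transform-set TS esp-aes 256 esp-sha-hmac
!
crypto map TUNNEL 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set TS
 match address 120
!
! 3. Mark the NAT boundaries and apply the correctly named crypto map
interface Vlan1
 ip nat inside
!
interface FastEthernet0
 ip nat outside
 no crypto map TUNNELHP
 crypto map TUNNEL
```

After sending test traffic, `show ip nat translations` should list entries only for flows to 10.10.0.0/16, and `show crypto ipsec sa` should show 192.0.2.10 as the local ident.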