I have a Cisco 1841 router with Adv Sec package on it and need to set up a static IPSec tunnel to a Cisco 3030 concentrator. The trick is that the interesting traffic has to be NAT'd through a different IP than the interface IP.
So the peering must happen on x.x.x.34, but encrypted traffic from me must come from x.x.x.35. This is a requirement of the office that I am connecting to. I've set up tunnels before, but never with this type of requirement.
What is the best way to accomplish this?
local network at 1841 end: 192.168.5.0/24
remote network at 3030 end: 172.16.5.0/24
interface loopback10
 ip address x.x.x.35
access-list 101 permit ip 192.168.5.0 0.0.0.255 172.16.5.0 0.0.0.255
ip nat inside source list 101 interface loopback10 overload
Obviously in your crypto map access-list you need to use the NATted address, i.e.
access-list 102 permit ip host x.x.x.35 172.16.5.0 0.0.0.255
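The answer's NAT and ACL lines placed in a complete tunnel configuration, as an added example that is not part of the original posts. The interface names, the inside address 192.168.5.1, the names VPN-SET and VPN-MAP, and the IKE/IPsec proposals are assumptions; <3030-peer-ip>, <pre-shared-key> and <mask> are placeholders.

```cisco
! Constructed example. Assumed: FastEthernet0/0 is outside (x.x.x.34),
! FastEthernet0/1 is inside. Proposals must match what the remote office uses.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 2
crypto isakmp key <pre-shared-key> address <3030-peer-ip>
!
crypto ipsec transform-set VPN-SET esp-aes 256 esp-sha-hmac
!
! NAT address from the answer above
interface Loopback10
 ip address x.x.x.35 <mask>
!
! ACL 101 selects traffic to translate, so it uses the real (pre-NAT) source.
access-list 101 permit ip 192.168.5.0 0.0.0.255 172.16.5.0 0.0.0.255
ip nat inside source list 101 interface Loopback10 overload
!
! ACL 102 selects traffic to encrypt. On the way out, NAT runs before the
! crypto map check, so the source seen here is already x.x.x.35.
! An ACL written with 192.168.5.0 as source would never match.
access-list 102 permit ip host x.x.x.35 172.16.5.0 0.0.0.255
!
crypto map VPN-MAP 10 ipsec-isakmp
 set peer <3030-peer-ip>
 set transform-set VPN-SET
 match address 102
!
interface FastEthernet0/1
 ip address 192.168.5.1 255.255.255.0
 ip nat inside
!
! Peering happens on x.x.x.34; the crypto map is applied here.
interface FastEthernet0/0
 ip address x.x.x.34 <mask>
 ip nat outside
 crypto map VPN-MAP
```

To check the result, "show ip nat translations" should list 192.168.5.x sources translated to x.x.x.35, and "show crypto ipsec sa" should show the local ident as x.x.x.35/255.255.255.255. The 3030 end needs the mirror-image definition, with x.x.x.35 as the remote host and 172.16.5.0/24 as its local network.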