NAT through a VPN Tunnel

russ.haskett
Level 1

I am trying to NAT through a new tunnel with an outside vendor.

Let's say that he has a 10.10.0.0/24 subnet and the network I am trying to connect him with is also a 10.10.0.0/24 subnet.

Since I have other tunnels coming in to a server on my 10.10.0.0/24 subnet, I am thinking that I want to NAT his subnet on its way into my network through the VPN.

These are the relevant config snippets for what I am trying to do (assume the crypto maps, etc. are correct). Does this look right?

static (outside,inside) 10.10.0.0 172.20.0.0 netmask 255.255.255.0
!
object-group network MY-SERVER
 network-object 10.10.0.12 255.255.255.255
!
object-group network Vendor-Connect-To-Me
 network-object 172.20.0.0 255.255.255.0
!
access-list nonat permit ip object-group MY-SERVER object-group Vendor-Connect-To-Me
access-list Vend permit tcp object-group MY-SERVER object-group Vendor-Connect-To-Me eq 23

1 Reply 1

russ.haskett
Level 1

Just hit me as I was whiteboarding the scenario that this would leave Mr. Vendor with a routing problem trying to get traffic for 10.10.0.12 to go out the VPN tunnel.
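
The routing problem described in the reply above, worked through as an added example (not part of the original thread and not Cisco code): it models the 1:1 network mapping between 10.10.0.0/24 and 172.20.0.0/24 and checks whether a vendor host would send traffic for 10.10.0.12 to its gateway at all. The vendor host 10.10.0.50 and the second alias range 172.21.0.0/24 for the local side are assumptions made for illustration.

```python
import ipaddress

def map_host(addr, real_net, mapped_net):
    """1:1 network NAT: keep the host bits, swap the network prefix."""
    addr = ipaddress.ip_address(addr)
    real_net = ipaddress.ip_network(real_net)
    mapped_net = ipaddress.ip_network(mapped_net)
    if real_net.prefixlen != mapped_net.prefixlen:
        raise ValueError("1:1 network NAT needs equal prefix lengths")
    if addr not in real_net:
        raise ValueError(f"{addr} is not in {real_net}")
    offset = int(addr) - int(real_net.network_address)
    return ipaddress.ip_address(int(mapped_net.network_address) + offset)

def next_hop(src_iface, dst):
    """'on-link' if the sender resolves dst on its own LAN, else 'gateway'."""
    iface = ipaddress.ip_interface(src_iface)
    return "on-link" if ipaddress.ip_address(dst) in iface.network else "gateway"

def vendor_view(vendor_iface, server, my_net, vendor_alias, my_alias=None):
    """How one vendor host reaches the server, with or without a second alias."""
    vendor = ipaddress.ip_interface(vendor_iface)
    # Address the vendor has to dial: the real one, or its alias if my side is NATed too.
    target = server if my_alias is None else str(map_host(server, my_net, my_alias))
    return {
        "vendor_seen_as": str(map_host(str(vendor.ip), str(vendor.network), vendor_alias)),
        "vendor_dials": target,
        "vendor_next_hop": next_hop(vendor_iface, target),
    }

if __name__ == "__main__":
    # Values from the thread: both sides use 10.10.0.0/24, the server is 10.10.0.12,
    # and the vendor is presented as 172.20.0.0/24. Everything else is constructed.
    one_sided = vendor_view("10.10.0.50/24", "10.10.0.12",
                            "10.10.0.0/24", "172.20.0.0/24")
    # Assumption: the server is additionally presented to the vendor as 172.21.0.0/24.
    two_sided = vendor_view("10.10.0.50/24", "10.10.0.12",
                            "10.10.0.0/24", "172.20.0.0/24", "172.21.0.0/24")
    print(one_sided)   # next hop is on-link: the packet never reaches the VPN gateway
    print(two_sided)   # next hop is gateway: the packet can be routed into the tunnel
```

With only the vendor side translated, the vendor host treats 10.10.0.12 as a neighbour on its own LAN, so the traffic never reaches the device that terminates the tunnel.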