NAT through a VPN Tunnel

russ.haskett
Level 1

I am trying to NAT through a new tunnel with an outside vendor.

Let's say that he has a 10.10.0.0/24 subnet and the network I am trying to connect him with is also a 10.10.0.0/24 subnet.

Since I have other tunnels coming in to a server on my 10.10.0.0/24 subnet I am thinking that I want to NAT his subnet on its way into my network through the VPN.

These are the relevant config snippets for what I am trying to do (assume the crypto maps etc. are correct). Does this look right?

    static (outside,inside) 10.10.0.0 172.20.0.0 netmask 255.255.255.0
    !
    object-group network MY-SERVER
     network-object 10.10.0.12 255.255.255.255
    !
    object-group network Vendor-Connect-To-Me
     network-object 172.20.0.0 255.255.255.0
    !
    access-list nonat permit ip object-group MY-SERVER object-group Vend-Connect-To-Me
    access-list Vend permit tcp object-group MY-SERVER object-group Vend-Connect-To-Me eq 23

1 Reply

russ.haskett
Level 1

Just hit me as I was whiteboarding the scenario that this would leave Mr. Vendor with a routing problem trying to get traffic for 10.10.0.12 to go out the VPN tunnel.
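
The routing problem described in the reply, modelled as an added example (not part of the original posts): it applies the 1:1 subnet translation from the question and checks, for each direction, whether the sending host treats the destination as local or hands it to its gateway. The vendor host `10.10.0.50` is constructed, and `172.21.0.0/24` is a hypothetical second translated range used to show the general fix of hiding both overlapping subnets from each other.

```python
import ipaddress

MY_NET = "10.10.0.0/24"             # my inside subnet (from the post)
VENDOR_NET = "10.10.0.0/24"         # vendor's real subnet (from the post)
VENDOR_MAPPED = "172.20.0.0/24"     # how the vendor should appear to me (from the post)
SERVER = "10.10.0.12"               # MY-SERVER (from the post)
SERVER_MAPPED = "172.21.0.0/24"     # hypothetical: how my subnet could appear to the vendor


def netmap(addr, real_net, mapped_net):
    """1:1 network translation: keep the host bits, swap the prefix."""
    ip = ipaddress.ip_address(addr)
    real = ipaddress.ip_network(real_net)
    mapped = ipaddress.ip_network(mapped_net)
    if real.prefixlen != mapped.prefixlen:
        raise ValueError("1:1 mapping needs equal prefix lengths")
    if ip not in real:
        raise ValueError(f"{ip} is not inside {real}")
    return mapped.network_address + (int(ip) - int(real.network_address))


def next_hop(src_net, dst):
    """Where a host in src_net sends a packet addressed to dst."""
    if ipaddress.ip_address(dst) in ipaddress.ip_network(src_net):
        return "on-link"   # ARPs on the local segment, never reaches the VPN gateway
    return "gateway"       # forwarded to the gateway, can match the crypto ACL


def audit(vendor_host):
    """Check both directions of the flow for one vendor host address."""
    return {
        # My server replying to the vendor's translated address.
        "server_to_vendor": next_hop(MY_NET, str(netmap(vendor_host, VENDOR_NET, VENDOR_MAPPED))),
        # Vendor host targeting the server's real address (the problem in the reply).
        "vendor_to_real_server": next_hop(VENDOR_NET, SERVER),
        # Vendor host targeting a translated address for the server instead.
        "vendor_to_mapped_server": next_hop(VENDOR_NET, str(netmap(SERVER, MY_NET, SERVER_MAPPED))),
    }


if __name__ == "__main__":
    for flow, hop in audit("10.10.0.50").items():   # constructed vendor host
        print(f"{flow:26} -> {hop}")
```

Only the `vendor_to_real_server` flow comes back `on-link`, which is the case where the vendor's hosts never send the traffic toward the tunnel.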
