Cisco IOS router, Hide Internal subnet in a new ip pool. NAT Before IPSEC

Unanswered Question
Dec 19th, 2007

Hello All,

I would like to create the following setup;

My internal LANs are:

192.168.1.0 255.255.255.0

192.168.2.0 255.255.255.0

I need to connect to this VPN network;

172.26.222.0 255.255.255.224

With my own assigned IP Range:

172.26.226.145 255.255.255.248

So I need to hide my internal net;

192.168.1.0 / 24

192.168.2.0 / 24

behind;

172.26.226.144 255.255.255.248

if I need to reach:

172.26.222.0 255.255.255.224

without disturbing any;

Internet traffic

(there is a nat overload defined;)

ip nat inside source list 12 interface Dialer0 overload

access-list 12 defines some denies for current VPN traffic and a permit for internal LAN to Internet.

I was thinking of doing this in a route-map?

ip nat inside source route-map VPN interface Dialer0 overload

ip nat inside source static network 192.168.1.0 0.0.0.255 172.26.226.144 0.0.0.7 route-map VPN extendable

and

ip nat inside source static network 192.168.2.0 0.0.0.255 172.26.226.144 0.0.0.7 route-map VPN extendable

access-list 144 deny ip 172.26.226.144 0.0.0.7 172.26.222.0 0.0.0.31

access-list 144 deny ip 172.26.222.0 0.0.0.31 172.26.226.144 0.0.0.7

access-list 144 permit ip 192.168.1.0 0.0.0.255 any

access-list 144 permit ip 192.168.2.0 0.0.0.255 any

route-map VPN permit 10

match ip address 144

Does anybody have some experience doing so?

Thanks in advance for any answer.

Regards,

Ralph

htarra Wed, 12/26/2007 - 14:21

For creating a VPN between two sites you need public IPs on both sides. 172.26.x.x is a private network IP and cannot be used for VPN if it is over the Internet. The internal network 192.168.x.x can be made hidden using a firewall or access lists.
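
An added example, not part of the original thread: one common IOS pattern for the setup in the question, where both LANs are translated into the assigned /29 only when the destination is the VPN network and the crypto ACL matches the translated source, because IOS applies inside-to-outside NAT before the crypto map check. The pool name, route-map name and ACL numbers 112, 145 and 146 are hypothetical, and it is an assumption that hosts .145 to .150 of 172.26.226.144/29 are free for the pool.

```cisco
! Added example. VPN-POOL, VPN-NAT and ACLs 112/145/146 are hypothetical names.
! Assumption: 172.26.226.145-.150 (usable hosts of the /29) are free for the pool.
!
! 1) VPN-bound traffic only: translate both LANs into the assigned /29.
access-list 145 permit ip 192.168.1.0 0.0.0.255 172.26.222.0 0.0.0.31
access-list 145 permit ip 192.168.2.0 0.0.0.255 172.26.222.0 0.0.0.31
!
route-map VPN-NAT permit 10
 match ip address 145
!
ip nat pool VPN-POOL 172.26.226.145 172.26.226.150 netmask 255.255.255.248
ip nat inside source route-map VPN-NAT pool VPN-POOL overload
!
! 2) Internet traffic: keep the Dialer0 overload, but exclude the VPN
!    destination so the two NAT rules never match the same flow.
!    This stands in for the question's "list 12" rule; any existing denies
!    for other VPN tunnels have to be carried over into this list.
access-list 112 deny   ip 192.168.1.0 0.0.0.255 172.26.222.0 0.0.0.31
access-list 112 deny   ip 192.168.2.0 0.0.0.255 172.26.222.0 0.0.0.31
access-list 112 permit ip 192.168.1.0 0.0.0.255 any
access-list 112 permit ip 192.168.2.0 0.0.0.255 any
!
ip nat inside source list 112 interface Dialer0 overload
!
! 3) Crypto ACL (referenced by "match address 146" in the crypto map entry):
!    it must match the post-NAT source, not 192.168.x.x, because the packet
!    has already been translated when the crypto map is evaluated.
access-list 146 permit ip 172.26.226.144 0.0.0.7 172.26.222.0 0.0.0.31
```

Because the pool rule uses overload (PAT), only sessions initiated from the LANs are translated; hosts on 172.26.222.0/27 cannot open connections to individual LAN hosts. After applying, `show ip nat translations` should list 172.26.226.x inside global addresses for VPN-bound flows, and the counters in `show crypto ipsec sa` should increase for the 172.26.226.144/29 to 172.26.222.0/27 selector.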

Posted December 19, 2007 at 12:26 PM