NAT through a VPN

Unanswered Question
Mar 20th, 2008

OK, here's the situation. I have an 871 that currently terminates 2 VPN tunnels to partners. I'm in the process of connecting to another partner, which would bring the total count to 3. This 3rd partner is requiring me to NAT all the addresses on my network to a different subnet. I've never had to configure NAT through a VPN before, and I can't seem to find any documentation on how to do this on Cisco's site. Does anybody have any input or advice?


JORGE RODRIGUEZ Thu, 03/20/2008 - 12:22


This falls under policy NAT. I have done a similar scenario, but on an ASA firewall, where the other end of the tunnel expects that when the tunnel is established you appear to them with pre-defined NAT pool addresses already configured at their end, thus mapping that pre-defined pool into their destination hosts. Therefore, your side of the tunnel must be NATted to that pool before your source hosts can access the destination hosts.

This is an example on a PIX/ASA firewall:

assume your source hosts prior NAT are, destination host is at other side of tunnel

NAT pool assign to you is

access-list CLIENT-A-Tunnel permit ip host

global (outside) ID# netmask

nat (inside) ID# access-list CLIENT-A-Tunnel

But for IOS I have not seen a specific document like the above PIX/ASA example, but you could apply the example in the link below.

Not exactly, but similarly to if your network and the other side of the tunnel had duplicate local LAN addresses at each end; but instead you will NAT, or hide if you will, your inside LAN before it hits the other end of the tunnel.
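An IOS sketch of the policy NAT described in the reply above, added here as an illustration and not taken from the thread or from Cisco documentation. Every name, address and the WAN interface is a constructed assumption: inside LAN 192.168.1.0/24, partner-assigned NAT subnet 10.99.1.0/24, partner hosts 172.16.50.0/24, peer 203.0.113.10, and an existing crypto map VPN and transform set TS.

```cisco
! All addresses and names below are constructed for illustration.

! 1. Traffic that must be translated: inside LAN -> 3rd partner's hosts only.
ip access-list extended PARTNER3-NAT
 permit ip 192.168.1.0 0.0.0.255 172.16.50.0 0.0.0.255
!
route-map PARTNER3-NAT permit 10
 match ip address PARTNER3-NAT
!
! 2. Translate that traffic, and only that traffic, into the assigned subnet.
ip nat pool PARTNER3-POOL 10.99.1.1 10.99.1.254 netmask 255.255.255.0
ip nat inside source route-map PARTNER3-NAT pool PARTNER3-POOL
!
! 3. Keep the existing Internet PAT rule from claiming partner-bound traffic.
!    (Traffic for the two existing tunnels needs the same kind of deny line.)
ip access-list extended INTERNET-PAT
 deny   ip 192.168.1.0 0.0.0.255 172.16.50.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
ip nat inside source list INTERNET-PAT interface FastEthernet4 overload
!
! 4. IOS applies inside-to-outside NAT before the crypto map check, so the
!    crypto ACL must match the translated source, not the real LAN.
ip access-list extended PARTNER3-CRYPTO
 permit ip 10.99.1.0 0.0.0.255 172.16.50.0 0.0.0.255
!
crypto map VPN 30 ipsec-isakmp
 set peer 203.0.113.10
 set transform-set TS
 match address PARTNER3-CRYPTO
!
interface Vlan1
 ip nat inside
interface FastEthernet4
 ip nat outside
 crypto map VPN
```

A dynamic pool only creates translations for sessions started from the inside; if the partner must initiate connections to specific hosts, those hosts need static translations. `show ip nat translations` and `show crypto ipsec sa` confirm that partner-bound flows leave with 10.99.1.x sources and are counted as encrypted.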




