Jon Marshall Wed, 04/02/2008 - 03:35
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Yes it is although you don't say which device. Assuming a pix/asa you can use policy NAT.

VPN1 remote subnet =

VPN2 remote subnet =

access-list vpn1 permit ip host

access-list vpn2 permit ip host

nat (inside) 2 access-list vpn1

nat (inside) 3 access-list vpn2

global (outside) 2

global (outside) 3

So when going to VPN1 the host would get translated to and if going to VPN2 host gets translated to

Last thing to note. In your crypto access-list that defines which traffic to encrypt you need to refer to the Natted address and not the original one ie.

access-list vpnt1 permit ip host

access-list vpnt2 permit ip host


Muhammad Zeesha... Wed, 04/02/2008 - 04:14
User Badges:

thanx for your reply ..

im using 3825 isr .. so its an ios device.

can u help me out with the configs on the router


This Discussion