Unanswered Question
Apr 2nd, 2008

A router is making an ipsec connection to two different routers over internet.

Only a singe ip lets say is allowed over vpn

Is it possible to nat the ip to two different ips for each vpn

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Wed, 04/02/2008 - 03:35

Yes it is although you don't say which device. Assuming a pix/asa you can use policy NAT.

VPN1 remote subnet =

VPN2 remote subnet =

access-list vpn1 permit ip host

access-list vpn2 permit ip host

nat (inside) 2 access-list vpn1

nat (inside) 3 access-list vpn2

global (outside) 2

global (outside) 3

So when going to VPN1 the host would get translated to and if going to VPN2 host gets translated to

Last thing to note. In your crypto access-list that defines which traffic to encrypt you need to refer to the Natted address and not the original one ie.

access-list vpnt1 permit ip host

access-list vpnt2 permit ip host


Muhammad Zeesha... Wed, 04/02/2008 - 04:14

thanx for your reply ..

im using 3825 isr .. so its an ios device.

can u help me out with the configs on the router


This Discussion