Jon Marshall Wed, 04/02/2008 - 03:35
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Yes it is although you don't say which device. Assuming a pix/asa you can use policy NAT.


VPN1 remote subnet = 172.16.5.0/24

VPN2 remote subnet = 192.168.5.0/24


access-list vpn1 permit ip host 172.20.18.25 172.16.5.0 255.255.255.0


access-list vpn2 permit ip host 172.20.18.25 192.168.5.0 255.255.255.0


nat (inside) 2 access-list vpn1

nat (inside) 3 access-list vpn2


global (outside) 2 10.5.1.10

global (outside) 3 10.6.1.10


So when going to VPN1 the host 172.20.18.25 would get translated to 10.5.1.0 and if going to VPN2 host gets translated to 10.6.1.10.


Last thing to note. In your crypto access-list that defines which traffic to encrypt you need to refer to the Natted address and not the original one ie.


access-list vpnt1 permit ip host 10.5.1.10 172.16.5.0 255.255.255.0


access-list vpnt2 permit ip host 10.6.1.10 192.168.5.0 255.255.255.0



Jon

Muhammad Zeesha... Wed, 04/02/2008 - 04:14
User Badges:

thanx for your reply ..


im using 3825 isr .. so its an ios device.



can u help me out with the configs on the router

Actions

This Discussion