Site to Site VPN: Static and Dynamic NAT

Unanswered Question
May 8th, 2008

Overview of data flow. The other company is requiring us to NAT to the 192.168.x.x addresses.

- Outbound FTP traffic from any host to X needs to be NATed to a single IP address

- SMTP traffic needs to flow both ways to a NATed IP address (problem here is that our server will send email on 1 IP address and receive on another)

- Inbound FTP needs to go to a single NATed IP address

Our IPs are 10.10.x.x and we will be NATing to a 192.168.221.x address.

Two static NATs for inbound FTP and SMTP traffic

static (inside,outside) 10.10.x.y [This is for the inbound FTP]

static (inside,outside) 10.10.x.x [Inbound SMTP traffic]

Dynamic NAT for outbound FTP/SMTP

access-list mynat permit ip host x.y.z.1 (traffic to FTP)

access-list mynat permit ip host x.y.z.2 (traffic to their SMTP server)

nat (inside) 4 access-list mynat

global (outside) 4

Crypto access-list

access-list vpnacl permit ip x.y.z.0

crypto map mymap 10 match address vpnacl


ventivcisco Thu, 05/08/2008 - 07:35

I forgot to ask if anyone could let me know if this would work and if it is the best way to do it.
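
An added example, not part of the original post: a small Python model of the design above that computes the mapped source of each outbound flow and checks it against the crypto ACL. It assumes the pre-8.3 PIX/ASA behaviour in which static NAT is matched before policy dynamic NAT and the crypto ACL is evaluated on already translated addresses; every address is a constructed placeholder for the elided x.y.z and 10.10.x.x values.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values; the post elides its real addresses.
PEER_FTP, PEER_SMTP = ip_address("198.51.100.1"), ip_address("198.51.100.2")
STATICS = {  # real inside host -> mapped 192.168.221.x address
    ip_address("10.10.1.20"): ip_address("192.168.221.20"),  # inbound FTP server
    ip_address("10.10.1.25"): ip_address("192.168.221.25"),  # inbound SMTP server
}
POLICY_NAT_DESTS = {PEER_FTP, PEER_SMTP}   # destinations matched by ACL "mynat"
GLOBAL_4 = ip_address("192.168.221.4")     # address behind "global (outside) 4"
# Crypto ACL "vpnacl" as (source network, destination network) pairs.
VPNACL = [(ip_network("192.168.221.0/24"), ip_network("198.51.100.0/24"))]


def translate_outbound(src, dst):
    """Mapped source for an inside->outside flow, or None if untranslated."""
    if src in STATICS:              # a static entry is matched first
        return STATICS[src]
    if dst in POLICY_NAT_DESTS:     # then policy dynamic NAT (nat 4 / global 4)
        return GLOBAL_4
    return None


def in_tunnel(src, dst, acl):
    """True if the already translated flow matches the crypto ACL."""
    return any(src in s and dst in d for s, d in acl)


def check_outbound(src, dst, acl=VPNACL):
    """Return (mapped source, selected for the tunnel?) for an outbound flow."""
    src, dst = ip_address(src), ip_address(dst)
    mapped = translate_outbound(src, dst)
    return mapped, mapped is not None and in_tunnel(mapped, dst, acl)


if __name__ == "__main__":
    # A crypto ACL written on the real 10.10.x.x addresses, for comparison.
    real_acl = [(ip_network("10.10.0.0/16"), ip_network("198.51.100.0/24"))]
    for src, dst in [("10.10.1.50", PEER_FTP), ("10.10.1.25", PEER_SMTP)]:
        print(src, "->", dst, "mapped ACL:", check_outbound(src, dst),
              "real ACL:", check_outbound(src, dst, real_acl))
```

In this model the SMTP server's outbound mail leaves from its static mapped address rather than the `global 4` address, and a crypto ACL written on the real 10.10.x.x sources never selects the translated traffic.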


