Site-to-site VPN additional IP subnet access

Jul 28th, 2008

I have a site-to-site VPN and it is working well. The VPN was established several years back. Now clients have been added (600 PCs) and I want to use an additional IP subnet, but the VPN should work without modifying the client-side firewall.

I know that if the client adds my additional subnet it will work. I want to know if there is any way, such as using policy NAT? My existing subnet

Daniel Voicu Mon, 07/28/2008 - 07:42

Hi Karthik,

The NAT will work if your side is the initiator of the traffic to the client end.

You simply NAT (many to one) the new subnet to one IP from the old subnet.

All the requests from the new subnet will use that single IP when connecting to client servers.

Let me know which device you use for the VPN so I can provide you with a NAT template.

Please rate if this helped.



mkkeyan Tue, 07/29/2008 - 03:54

Hi Daniel,

Here is my VPN config. Is it possible with this config?



access-list To2M extended permit ip
access-list nonat extended permit ip
nat (inside) 0 access-list nonat
crypto ipsec transform-set DES esp-des esp-sha-hmac
crypto map pixtoces 1 match address To2M
crypto map pixtoces 1 set peer **.**.***.231
crypto map pixtoces 1 set transform-set DES
crypto isakmp policy 1
 authentication pre-share
 encryption des
 hash sha
 group 1
 lifetime 86400
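
A sketch of the many-to-one policy NAT described in the reply above, written in PIX/ASA 7.x-8.2 syntax to match the posted config. This is an added example, not a template from the thread; every address, the ACL name NEWNET-PAT and NAT ID 5 are assumptions, because the thread does not show the real subnets.

```cisco
! Added example. Constructed addressing (not from the thread):
!   old inside subnet, already in To2M and nonat : 10.10.10.0/24
!   new inside subnet for the added PCs          : 10.10.20.0/22
!   remote (client) subnet                       : 192.168.50.0/24
!   unused address in the old subnet used for PAT: 10.10.10.250
!
! Match only new-subnet traffic bound for the remote site (policy NAT).
access-list NEWNET-PAT extended permit ip 10.10.20.0 255.255.252.0 192.168.50.0 255.255.255.0
!
! Translate those flows to one old-subnet address (many-to-one PAT).
! NAT ID 5 is arbitrary; use any ID not already in the running config.
nat (inside) 5 access-list NEWNET-PAT
global (outside) 5 10.10.10.250
!
! To2M and nonat stay unchanged and keep referencing only the old subnet.
! Do not add the new subnet to nonat: NAT exemption is evaluated before
! policy NAT, so the source would leave untranslated and fail the To2M match.
!
! Checks after sending traffic from a host in the new subnet:
!   show xlate               (a PAT entry for 10.10.10.250 should appear)
!   show crypto ipsec sa     (encaps counters rise on the existing SA)
```

Because many hosts share one translated address, the remote side cannot open connections to hosts in the new subnet, which is the initiator limitation stated in the reply above.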