Site-to-site VPN additional IP subnet access

Jul 28th, 2008
Gents


I have a site-to-site VPN and it is working well. The VPN was established several years back. Now clients have been added (600 PCs) and I want to use an additional IP subnet, but the VPN should work without modifying the client-side firewall.

I know that if the client adds my additional subnet it will work. I want to know whether there is any way, such as using policy NAT. My existing subnet is 10.20.31.0/24.

Thanks

Karthik

Daniel Voicu Mon, 07/28/2008 - 07:42

Hi Karthik,


The NAT will work if your side is the initiator of the traffic to the client end.

You simply NAT (many to one) the new subnet to one IP from the old subnet.


All the requests from the new subnet will use that single IP when connecting to client servers.


Let me know the device you use for the VPN so I can provide you with a NAT template.


Please rate if this helped.


Regards,

Daniel

mkkeyan Tue, 07/29/2008 - 03:54
Hi Daniel,

Here is my VPN config. Is it possible with this config?

Thanks

Karthik


access-list To2M extended permit ip 10.20.31.0 255.255.255.0 10.200.224.0 255.255.254.0
access-list nonat extended permit ip 10.20.31.0 255.255.255.0 10.200.224.0 255.255.254.0
nat (inside) 0 access-list nonat

crypto ipsec transform-set DES esp-des esp-sha-hmac

crypto map pixtoces 1 match address To2M
crypto map pixtoces 1 set peer **.**.***.231
crypto map pixtoces 1 set transform-set DES

crypto isakmp policy 1
 authentication pre-share
 encryption des
 hash sha
 group 1
 lifetime 86400
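
Added example (not part of any post in this thread): a sketch of the many-to-one policy NAT described in Daniel's reply, written in PIX/ASA 7.x/8.0-style syntax, which is assumed from the `access-list ... extended` and `nat (inside) 0 access-list` commands in the config above. `<NEW_SUBNET> <NEW_MASK>`, the ACL name `NEWNET_PAT`, NAT ID 10 and the address 10.20.31.250 (assumed to be unused on the inside LAN) are placeholders chosen for illustration, not values from the thread.

```cisco
! Existing lines stay unchanged. To2M and nonat both match only
! 10.20.31.0/24, so traffic from the new subnet is NOT exempted
! from NAT by "nat (inside) 0 access-list nonat".
!
! 1. Select only traffic from the new subnet to the remote network.
!    <NEW_SUBNET> <NEW_MASK> is a placeholder for the added subnet.
access-list NEWNET_PAT extended permit ip <NEW_SUBNET> <NEW_MASK> 10.200.224.0 255.255.254.0
!
! 2. Policy NAT (many to one): hide that traffic behind a single
!    address taken from the old subnet. 10.20.31.250 is an assumed
!    free address; reserve it so no inside host ever uses it.
nat (inside) 10 access-list NEWNET_PAT
global (outside) 10 10.20.31.250
!
! 3. Nothing changes in the crypto map. NAT is applied before the
!    crypto ACL is evaluated, so the translated source 10.20.31.250
!    matches "access-list To2M" and enters the existing tunnel.
!    The remote firewall still sees only 10.20.31.0/24 as the source.
!
! Checks after generating traffic from a host in the new subnet:
!   show xlate              (expect a PAT entry using 10.20.31.250)
!   show crypto ipsec sa    (encaps/decaps counters should increase)
```

Because this is port address translation, it covers only sessions initiated from the new subnet, as the reply states; the remote side cannot open connections to individual hosts behind 10.20.31.250.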

