10-09-2008 03:35 PM - edited 03-06-2019 01:51 AM
I have been trying to figure this out for a while, hopefully someone here can help me out.
I have a Public class C. I want to take a /27 and route it through a VPN tunnel to another location so that other location can use the public IPs. I have Cisco 2811 Routers at both ends.
I can set up a site-to-site VPN connection on the routers, but it's figuring out how to route the traffic through so that the /27 comes out on the other end and the machines that communicate on the other end come out using the /27.
/27Subnet --> 2811 <VPN> 2811 --> Hosts
Hosts --> 2811 <VPN> 2811 --> /27 Subnet
Bidirectional communication. I can use internal 10.x.x.x subnet if needed to route between them, and I was thinking of setting up some sort of NAT, but not sure if it will work.
Anyone have any ideas on how to accomplish this? Thanks in advance.
Gus
10-09-2008 07:35 PM
NATing works.
If you do NATing on the main router and NAT the traffic to IPs in the remote site, and include in your ACL of interesting traffic for the VPN any traffic going to those IPs (I mean the local IPs), those will have NATing.
And you can use GRE/IPsec to use static/dynamic routing; then you can make them work as a routed network between two directly connected routers.
If helpful, rate.
10-10-2008 12:33 PM
Thanks for the response. I think I am missing what to actually place in the access-list for the VPN tunnel, and I don't even know if this configuration is correct. Here is what I have so far on my router that has the public IPs:
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key <> address x.x.x.x no-xauth
crypto isakmp keepalive 10
!
!
crypto ipsec transform-set defaultVPN esp-3des esp-sha-hmac
!
crypto map B2BVPN 1 ipsec-isakmp
 description VPN to Remote Site
 set peer x.x.x.x
 set transform-set defaultVPN
 match address tunnel
!
interface GigabitEthernet0/1.104
 encapsulation dot1Q 104
 ip address 99.88.77.33 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 crypto map B2BVPN
!
interface GigabitEthernet0/1.105
 encapsulation dot1Q 105
 ip address 99.88.77.37 255.255.255.252
 ip nat outside
 ip virtual-reassembly
!
ip route 99.88.77.240 255.255.255.240 GigabitEthernet0/1.105
ip route 10.0.100.240 255.255.255.240 GigabitEthernet0/1.104
!
ip nat inside source static 10.0.100.241 99.88.77.241
ip nat inside source static 10.0.100.242 99.88.77.242
ip nat inside source static 10.0.100.243 99.88.77.243
ip nat inside source static 10.0.100.244 99.88.77.244
ip nat inside source static 10.0.100.245 99.88.77.245
ip nat inside source static 10.0.100.246 99.88.77.246
ip nat inside source static 10.0.100.247 99.88.77.247
ip nat inside source static 10.0.100.248 99.88.77.248
ip nat inside source static 10.0.100.249 99.88.77.249
ip nat inside source static 10.0.100.250 99.88.77.250
ip nat inside source static 10.0.100.251 99.88.77.251
ip nat inside source static 10.0.100.252 99.88.77.252
ip nat inside source static 10.0.100.253 99.88.77.253
ip nat inside source static 10.0.100.254 99.88.77.254
10-10-2008 04:57 PM
First, do you have your VPN working OK?
I mean, from the router with the public IPs, can you reach all the 10.0.100.240 IPs through the VPN?
And what is the content of the tunnel ACL?
This ACL is important because it determines what is sent through the VPN.
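The point about the tunnel ACL can be checked offline. The following is an added example, not code from anyone in the thread: it models IOS wildcard-mask matching and the order of operations in which NAT translation precedes the crypto-map check, using the static NAT pairs from the posted config. Both ACL contents and the 203.0.113.10 client are hypothetical, since the thread never shows the real `tunnel` ACL.

```python
import ipaddress

# Static NAT pairs from the posted config (inside local -> inside global).
STATIC_NAT = {f"10.0.100.{h}": f"99.88.77.{h}" for h in range(241, 255)}
GLOBAL_TO_LOCAL = {g: l for l, g in STATIC_NAT.items()}

# Hypothetical "tunnel" ACL contents (assumption: the real ACL is not on the page).
# Entry layout: (action, src, src_wildcard, dst, dst_wildcard), IOS wildcard style.
TUNNEL_ACL_POST_NAT = [("permit", "0.0.0.0", "255.255.255.255",
                        "10.0.100.240", "0.0.0.15")]
TUNNEL_ACL_PRE_NAT = [("permit", "0.0.0.0", "255.255.255.255",
                       "99.88.77.240", "0.0.0.15")]


def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def acl_permits(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, s, sw, d, dw in acl:
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action == "permit"
    return False


def outside_to_inside(src, dst, crypto_acl):
    """Packet arriving on the 'ip nat outside' interface: the destination is
    translated first, then the crypto map on the egress interface evaluates
    the already-translated packet. Returns (translated_dst, selected_for_vpn)."""
    local_dst = GLOBAL_TO_LOCAL.get(dst, dst)
    return local_dst, acl_permits(crypto_acl, src, local_dst)


if __name__ == "__main__":
    client = "203.0.113.10"  # constructed Internet client address
    for name, acl in (("ACL on 10.0.100.x", TUNNEL_ACL_POST_NAT),
                      ("ACL on 99.88.77.x", TUNNEL_ACL_PRE_NAT)):
        for dst in ("99.88.77.241", "99.88.77.254"):
            local, enc = outside_to_inside(client, dst, acl)
            print(f"{name}: {client} -> {dst} (as {local}) sent through VPN: {enc}")
```

An ACL written against the public 99.88.77.x addresses never matches here, because the packet already carries its 10.0.100.x destination when the crypto map inspects it, so that traffic would not be selected for encryption.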