NAT traffic between the IPsec VPN

Unanswered Question
Dec 24th, 2008

Hi,


We are using a 515E firewall on which we have established a VPN without NATing the traffic over the existing VPN.

But now we have a requirement to NAT the traffic over the new VPN which we are trying to establish. Can you please suggest how I can deploy NAT for the new tunnel with the running config below?

The partial configuration is:


access-list 123 permit ip 10.88.0.0 255.255.0.0 host 192.168.151.32
access-list 123 permit ip 10.89.0.0 255.255.0.0 host 192.168.151.32

access-list 111 permit ip 10.88.0.0 255.255.0.0 host 192.168.151.32
access-list 111 permit ip 10.89.0.0 255.255.0.0 host 192.168.151.32
pager lines 24
logging on
logging console debugging
logging monitor debugging
logging buffered debugging
mtu outside 1500
mtu inside 1500
mtu dmz 1500
mtu gs-office 1500
mtu intf4 1500
mtu intf5 1500
ip address outside XX.137.0.50 255.255.255.240
ip address inside 10.101.21.20 255.255.255.0
ip address dmz XX.137.0.129 255.255.255.240
ip address gs-office 10.103.21.20 255.255.255.0

global (outside) 1 interface
nat (inside) 0 access-list 123
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (dmz) 0 access-list 121
nat (dmz) 1 0.0.0.0 0.0.0.0 0 0
nat (gs-office) 1 access-list 151 0 0
route outside 0.0.0.0 0.0.0.0 83.137.0.49 1
route inside 10.0.0.0 255.0.0.0 10.101.21.1 1
route inside xx.1.1.0 255.255.255.0 10.101.21.1 1

sysopt connection permit-ipsec

crypto ipsec transform-set dlf-M3UA-set esp-3des esp-md5-hmac

crypto map eplus-map 21 ipsec-isakmp
crypto map eplus-map 21 match address 111
crypto map eplus-map 21 set peer 121.242.37.88
crypto map eplus-map 21 set transform-set dlf-M3UA-set
crypto map eplus-map interface outside

isakmp key ******** address XXX.242.37.88 netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400



Here, for the new tunnel, I need to NAT the source IP, for example source IP 10.150.4.5 to 10.199.222.1, through the tunnel.

Please guide me on this.




Regards,

Vinu





