cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
287
Views
5
Helpful
1
Replies

Public and VPN NAT

simon.ford
Level 1
Level 1

Gurus!

We currently have several remote sites running a combination of Cisco 837 and 857 ASDL routers, behind each of these sits a single 'server' (actually just a Windows XP workstation) a Cisco wireless AP and a number of wireless mobile client devices.

Each site is configured indentically, even IP addresses, with 10.150.0.1 as the internal 'VLAN' address and 10.150.0.2 as the server address. We have static NAT setup from the routers public address pointing a few ports/protocols at this internal 10.150.0.2 server to allow external users to access this server.

We now have the requirement to build VPN (lan-to-lan) connections from each of these sites to a third-party companys router, and allow access to the server over this VPN. Obviously the issue we have here is that there are multiple sites with the same addresses and a routing nightmare! We have been allocated a 192.168.250.x private range by the third-party, and they would like us to NAT each address in this range to a seperate site.

So, my question, how do we go about NATing the 10.150.0.2 server to both the 192.168.250.x VPN address, and also to the x.x.x.x public address?

Regards,

Simon

1 Reply 1

Jon Marshall
Hall of Fame
Hall of Fame

Simon

Attached is a screenshot of a lab i tested this with. It shows how you can NAT the same internal address to 2 different external address with the connection on the same application port - telnet in this case.

Note that you must be able to distinguish the source via their IP addresses but i'm assuming you can do this. Hopefully you should be able to modify for your needs.

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: