IPSec site-to-site with NAT Overload

Unanswered Question
Jun 28th, 2009

Dears,

I am a little bit confused when configuring IPSec site-to-site with NAT overload. I have two questions:

1- I need to know the order of operations between NAT overload (including either an ACL or a route-map) and the crypto map (including an ACL). For example, if I have the following configuration:

access-list 101 permit ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255
access-list 102 deny ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255
access-list 102 permit ip any any

crypto map cmap1 1 ipsec-isakmp
 match address 101

route-map rmap1 permit 1
 match ip address 102

ip nat inside source route-map rmap1 interface s0/0 overload

int s0/0
 crypto map cmap1


And if I ping from 1.1.1.2 to 2.2.2.2, how will the ICMP packets be treated by the router?

Also, if I did not add the deny entry in access-list 102, how would the ICMP packets be treated by the router?

2- What is the difference between using a route-map and an ACL in NAT overload:

ip nat inside source route-map rmap1 interface s0/0 overload

ip nat inside source list 102 interface s0/0 overload


Your help is really appreciated.

Best regards,

Moustafa
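
The order of operations asked about above, modelled as an added example that is not part of the original post: it assumes the documented Cisco IOS inside-to-outside order, in which NAT translation happens before the crypto map ACL check, and it reduces route-map rmap1 to its single match on ACL 102. The s0/0 address 203.0.113.1 and all function names are constructed for illustration.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def acl_permits(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, (sb, sw), (db, dw) in acl:
        if wc_match(src, sb, sw) and wc_match(dst, db, dw):
            return action == "permit"
    return False

ANY = ("0.0.0.0", "255.255.255.255")
LAN = ("1.1.1.0", "0.0.0.255")
REMOTE = ("2.2.2.0", "0.0.0.255")

ACL_101 = [("permit", LAN, REMOTE)]                      # crypto map cmap1
ACL_102 = [("deny", LAN, REMOTE), ("permit", ANY, ANY)]  # route-map rmap1
ACL_102_NO_DENY = [("permit", ANY, ANY)]                 # deny entry left out

S0_0_ADDR = "203.0.113.1"  # constructed placeholder for the s0/0 address

def egress(src, dst, nat_acl, crypto_acl=ACL_101, outside=S0_0_ADDR):
    """Return (source on the wire, 'esp' or 'clear') for an inside-to-outside packet."""
    # Step 1 (assumed IOS order): NAT overload rewrites the source
    # if the NAT ACL permits the packet.
    if acl_permits(nat_acl, src, dst):
        src = outside
    # Step 2: the crypto map ACL is evaluated against the post-NAT packet.
    return src, "esp" if acl_permits(crypto_acl, src, dst) else "clear"

if __name__ == "__main__":
    for name, acl in (("with deny", ACL_102), ("without deny", ACL_102_NO_DENY)):
        print(name, egress("1.1.1.2", "2.2.2.2", acl))
```

Under that assumed order, the deny entry keeps the ping out of NAT so it still matches ACL 101 and is encrypted; without it the source is translated first, no longer matches ACL 101, and the packet leaves s0/0 unencrypted.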

