Creating a VPN Tunnel without RFC1918 subnets

Answered Question
Nov 12th, 2009

Hi All,

I've been asked to configure a Cisco router to one of our partners using a method I'm unfamiliar with. Hence I'm hoping someone from here can guide me in the right direction. Essentially the setup needs to be like this:

At one end there is a firewall with an IP address of 123.123.123.1 (all fake IPs). This is to be the VPN termination point. Behind this firewall is a server with a private IP address of 172.16.1.1. This private IP is NAT'd to 123.123.123.2.

Now at the other end is a VPN router with an IP address of 234.234.234.1. This is the other VPN termination point. There is another internal server with IP address of 10.0.0.1. I don't really want to create an external NAT for this internal IP address if possible.

Essentially I need to get 172.16.1.1 and 10.0.0.1 to communicate with each other over a VPN but NOT use their IP addresses in the VPN tunnel.

What is the best way to achieve this? Any help would be much appreciated!

Craig

Correct Answer by Todd Pula about 7 years 2 months ago

This config should do the trick for you...

Todd Pula Thu, 11/12/2009 - 14:43

You can use NAT to hide the source IP using an Internet routable address. You will then build the crypto ACL for the tunnel based on the post-NAT IP address. I had uploaded an example using PAT at the link below but you can also use static NAT in your case.

http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Virtual%20Private%20Networks&topic=Network%20Management&topicID=.ee6b2ba&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40^1%40%40.2cd3f992/2#selected_message

craig.juhas Fri, 11/13/2009 - 03:49

I have made a variation of the attachment from the other thread. What I'm looking to achieve with this is a VPN tunnel only using a publicly NAT'd IP address. Let me know if this makes sense and more importantly if it will work!
