Creating a VPN Tunnel without RFC1918 subnets

craig.juhas
Level 4

Hi All,

I've been asked to configure a Cisco router to one of our partners using a method I'm unfamiliar with. Hence I'm hoping someone from here can guide me in the right direction. Essentially the setup needs to be like this:

At one end there is a firewall with an IP address of 123.123.123.1 (all fake IPs). This is to be the VPN termination point. Behind this firewall is a server with a private IP address of 172.16.1.1. This private IP is NAT'd to 123.123.123.2.

Now at the other end is a VPN router with an IP address of 234.234.234.1. This is the other VPN termination point. There is another internal server with IP address of 10.0.0.1. I don't really want to create an external NAT for this internal IP address if possible.

Essentially I need to get 172.16.1.1 and 10.0.0.1 to communicate with each other over a VPN but NOT use their IP addresses in the VPN tunnel.

What is the best way to achieve this? Any help would be much appreciated!

Craig


Todd Pula
Level 7

You can use NAT to hide the source IP using an Internet routable address. You will then build the crypto ACL for the tunnel based on the post-NAT IP address. I had uploaded an example using PAT at the link below but you can also use static NAT in your case.

http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Virtual%20Private%20Networks&topic=Network%20Management&topicID=.ee6b2ba&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40^1%40%40.2cd3f992/2#selected_message
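An added example, not part of the original thread or the linked attachment: a sketch of the router-side (234.234.234.1) IOS configuration for the static NAT variant described above, with the crypto ACL written against the post-NAT address. The translated address 234.234.234.2, the interface names, the inside address and mask, the ACL number, the object names and the IKE/IPsec parameters are assumptions; the key is a placeholder.

```cisco
! Assumption: 234.234.234.2 is a spare public address routed to this router.
! Static NAT hides 10.0.0.1 behind it; the partner only ever sees 234.234.234.2.
ip nat inside source static 10.0.0.1 234.234.234.2
!
! Crypto ACL uses the POST-NAT source and the partner's public NAT address.
! On IOS, inside-to-outside NAT runs before the crypto map check, so an ACL
! written against 10.0.0.1 would never match and traffic would leave in clear.
access-list 120 permit ip host 234.234.234.2 host 123.123.123.2
!
! Phase 1: values are assumptions and must match the partner firewall.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 123.123.123.1
!
! Phase 2: transform set name and algorithms are assumptions.
crypto ipsec transform-set PARTNER-TS esp-aes 256 esp-sha-hmac
!
crypto map PARTNER-VPN 10 ipsec-isakmp
 set peer 123.123.123.1
 set transform-set PARTNER-TS
 match address 120
!
! Inside interface (name, address and mask are assumptions).
interface FastEthernet0/0
 ip address 10.0.0.254 255.255.255.0
 ip nat inside
!
! Outside interface: VPN termination point (name and mask are assumptions).
interface FastEthernet0/1
 ip address 234.234.234.1 255.255.255.248
 ip nat outside
 crypto map PARTNER-VPN
!
! The partner firewall needs the mirror-image selector:
!   123.123.123.2 -> 234.234.234.2
! A plain static NAT also makes 234.234.234.2 reachable outside the tunnel,
! so filter inbound traffic on the outside interface as your policy requires.
```

After the tunnel is up, `show ip nat translations` and `show crypto ipsec sa` should show the 10.0.0.1 to 234.234.234.2 translation and encrypt/decrypt counters rising for the 234.234.234.2 and 123.123.123.2 selector pair.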

Thanks for that! I'll give it a try and let you know.

Craig

I have made a variation of the attachment from the other thread. What I'm looking to achieve with this is a VPN tunnel only using a publicly NAT'd IP address. Let me know if this makes sense and more importantly if it will work!

This config should do the trick for you...