Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1218
Views
0
Helpful
3
Replies

Traverse a 1:1 NAT with VCS

pbzijerveld
Level 1
Level 1

‎12-20-2011 09:51 AM - edited ‎03-17-2019 10:41 PM

Hi All,

We have combined two existing wan networks, we have done this with 1:1 NAT. So every 10.10.10.0/24 address has a 172.16.10.0 address. This works two ways. Please look at the attached design. There is no option to do it with a standard PAT translation you would use if the VCS Expressway is connected to the internet.

At this moment we cannot get the traversalzone working from the 10.10.10.10 VCS Control to the 172.16.10.10 VCS Expressway.

Is this a correct design or do we need to append a dual network interface option to route the traffic?

I hope you can give me some insight to the problem.

Thanks!

Labels:
Preview file
19 KB
0 Helpful
3 Replies 3

awinter2
Level 7
Level 7

‎12-20-2011 01:45 PM

Hi Pieter,

can you elaborate further on how this NAT setup works? In which direction of traffic is NATing taking place?

The diagram states that "All 10.10.10.0 addresses are natted to 172.16.10.0". The diagram shows the VCS-E with an address of 172.16.10.10 and the VCS-C with an address of 10.10.10.10. If I understand that correctly, wouldn't the VCS-E and VCS-C end up with the same address?

To break things down a bit, could you please answer the following:

- If you ping the VCS-E from the VCS-C, what apparant address would the ping come from as seen on the VCS-E?

- If you ping the VCS-C from the VCS-E, what apparant address would the ping come from as seen on the VCS-C?

- Is 172.16.10.10 and 10.10.10.10 the actual LAN 1 IP addresses of the VCS-E and VCS-C, respectively?

- What IP address have you configured as the peer address on the traversal client zone on the VCS-C, and what is the peer address for the traversal server zone shown as on the VCS-E?

Thanks,

Andreas

0 Helpful

pbzijerveld
Level 1
Level 1
In response to awinter2

‎12-21-2011 12:24 AM

- If you ping the VCS-E from the VCS-C, what apparant address would the ping come from as seen on the VCS-E?

If i ping from the VCS-C i would ping 10.10.20.10 - by the firewall it wil be translated to 172.16.10.10

- If you ping the VCS-C from the VCS-E, what apparant address would the ping come from as seen on the VCS-C?

If i ping from the VCS-E i would ping 172.16.20.10 - by the firewall it will be translated to 10.10.10.10

- Is 172.16.10.10 and 10.10.10.10 the actual LAN 1 IP addresses of the VCS-E and VCS-C, respectively?

Yes

- What IP address have you configured as the peer address on the traversal client zone on the VCS-C, and what is the peer address for the traversal server zone shown as on the VCS-E?

VCS-C peer to 10.10.20.10

VCS-E no peer because its a traversal server zone

0 Helpful

awinter2
Level 7
Level 7
In response to pbzijerveld

‎12-21-2011 07:23 AM

Hi Pieter,

your initial post and diagram only describes 10.10.10.0/24 and 172.16.10.0/24, but your latest post also mentions 10.10.20.0/24 and 172.16.20.0/24, could you please clarify?

Also, does the Expressway require connectivity with public networks/Internet?

Thanks,

Andreas

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents