04-27-2012 04:39 AM
Hi,
I am trying to set up a VPN between an ASA and a Cisco 877 router (in the past I have set it up between ASA and ASA, and PIX and PIX, but not between ASA and router).
I am confused by the nonat concept on Cisco routers (for VPN). I mean, why do you need a route-map and to deny the traffic? Could you throw some light on this?
Cisco link:
http://www.cisco.com/en/US/products/ps5855/products_configuration_example09186a0080a9a7a3.shtml#CLI1
Thanks
04-27-2012 09:51 AM
Same as on ASA/PIX, NAT is performed before encryption and after decryption.
How you define traffic not to hit NAT (or to hit it) is up to you: routing (VTI/GRE interface), access-list or route-map.
There is no concept of "no nat" on IOS routers.
M.
04-27-2012 10:02 AM
!
ip nat inside source route-map nonat interface FastEthernet0 overload
!
access-list 110 deny ip 10.20.10.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 110 permit ip 10.20.10.0 0.0.0.255 any
!
route-map nonat permit 10
 match ip address 110
!
Or better (if you have, for example, the public IP 1.2.3.5):
!
ip nat pool 1.2.3.5 1.2.3.5 1.2.3.5 prefix-length 30
!
ip nat inside source list nat-to-internet pool 1.2.3.5 overload
!
ip access-list extended nat-to-internet
 deny ip 10.20.10.0 0.0.0.255 10.10.10.0 0.0.0.255
 permit ip 10.20.10.0 0.0.0.255 any
 deny ip any any
!
04-28-2012 05:50 AM
Hi, thanks for this.
What does this line do?
ip nat inside source route-map nonat interface FastEthernet0 overload
04-28-2012 06:10 AM
All inside hosts in 10.20.10.0/24 will NOT be NATted when they reach 10.10.10.0/24, and will be NATted with 172.17.1.1 when they reach all other IPs.
Note: on the link
http://www.cisco.com/en/US/products/ps5855/products_configuration_example09186a0080a9a7a3.shtml#CLI1
I presume there's a mistake: the interface commands "ip nat inside" / "ip nat outside" are missing.
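The NAT selection discussed in the replies above, modelled in Python as an added example that is not part of the original thread and is not Cisco code: it applies IOS first-match and wildcard-mask semantics to ACL 110 as used by the "nonat" route-map. The sample flows and the function names are constructed for illustration.

```python
import ipaddress

# ACL 110 from the thread: (action, src net, src wildcard, dst net, dst wildcard)
ACL_110 = [
    ("deny",   "10.20.10.0", "0.0.0.255", "10.10.10.0", "0.0.0.255"),
    ("permit", "10.20.10.0", "0.0.0.255", "any",        None),
]

def wildcard_match(addr, net, wildcard):
    """IOS wildcard semantics: bits set in the wildcard are 'don't care'."""
    if net == "any":
        return True
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(net))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)

def acl_action(acl, src, dst):
    """First matching entry wins; no match falls to the implicit deny."""
    for action, snet, swild, dnet, dwild in acl:
        if wildcard_match(src, snet, swild) and wildcard_match(dst, dnet, dwild):
            return action
    return "deny"

def nat_decision(acl, src, dst):
    """'route-map nonat permit 10' translates only what the ACL permits."""
    return "translate" if acl_action(acl, src, dst) == "permit" else "no-nat"

# Constructed sample flows (203.0.113.10 is a documentation address)
FLOWS = [
    ("10.20.10.5", "10.10.10.9"),     # LAN host to the remote VPN subnet
    ("10.20.10.5", "203.0.113.10"),   # LAN host to the Internet
    ("192.168.1.1", "203.0.113.10"),  # source not covered by ACL 110
]

if __name__ == "__main__":
    for src, dst in FLOWS:
        print(f"{src} -> {dst}: {nat_decision(ACL_110, src, dst)}")
    # With the entries reversed, the broad permit matches first and the
    # VPN-bound flow is translated before encryption.
    swapped = list(reversed(ACL_110))
    print("reversed ACL:", nat_decision(swapped, "10.20.10.5", "10.10.10.9"))
```

The reversed case shows why the deny entry has to precede the permit: once the source address is translated, the packet no longer carries the 10.20.10.0/24 source that the VPN traffic selection is written for.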
04-30-2012 02:16 AM
What do "ip nat inside" / "ip nat outside" do?
04-30-2012 02:52 AM