07-09-2013 04:22 AM - edited 03-11-2019 07:09 PM
Site 1 - 10.1.1.0/24 LAN range.
Site 2 - 20.1.1.0/24 LAN range.
Since the site 1 range is already being used at the far end, policy NAT is used below
on site 1:
access-list test 10.1.1.0 255.255.255.0 20.1.1.0 255.255.255.0
nat(inside) 10 access-list test
global(outside) 10 1.1.1.1
access-list crypto_map 1.1.1.0 255.255.255.0 20.1.1.0 255.255.255.0 - is it correct?
access_list nonat 10.1.1.0 255.255.255.0 20.1.1.0 255.255.255.0 -- (whether the 10 range or the 1 range needs to be specified)
Is the policy NAT config correct?
Another thing: 1.1.1.0/24 is not assigned to any interface on the firewall.
Please assist
07-09-2013 04:30 AM
Hi,
So you want to do Dynamic PAT towards the other site?
So the base information is
When Site A connects to Site B then Site A should be visible to the Site B with the IP address 1.1.1.1
If this is true then the configuration should be (basically your configuration with some corrected typos)
access-list test permit ip 10.1.1.0 255.255.255.0 20.1.1.0 255.255.255.0
nat (inside) 10 access-list test
global (outside) 10 1.1.1.1
access-list crypto_map permit ip host 1.1.1.1 20.1.1.0 255.255.255.0
or
access-list crypto_map permit ip 1.1.1.0 255.255.255.0 20.1.1.0 255.255.255.0
You don't need any statements in any NONAT/NAT0 ACL, since we specifically WANT to NAT the LAN network instead of doing NAT0.
- Jouni
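Added example (not part of the original thread and not Cisco code): a small Python model of the order of operations the answer above relies on, where the source address is translated first and the crypto ACL is then matched against the translated address. The function and variable names are hypothetical, and the sample packets are constructed.

```python
import ipaddress

# Constructed model of the configuration quoted in the answer above.
POLICY_NAT_ACL = [("10.1.1.0/24", "20.1.1.0/24")]   # access-list test
PAT_ADDRESS = "1.1.1.1"                             # global (outside) 10 1.1.1.1

CRYPTO_ACL_HOST = [("1.1.1.1/32", "20.1.1.0/24")]   # matches the translated source
CRYPTO_ACL_NET = [("1.1.1.0/24", "20.1.1.0/24")]    # the alternative from the answer
CRYPTO_ACL_REAL = [("10.1.1.0/24", "20.1.1.0/24")]  # real LAN range: never matches after PAT


def acl_match(acl, src, dst):
    """True if (src, dst) falls inside any (source net, destination net) entry."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(
        s in ipaddress.ip_network(a) and d in ipaddress.ip_network(b)
        for a, b in acl
    )


def translate(src, dst):
    """Policy PAT: rewrite the source only for flows that match the NAT ACL."""
    return PAT_ADDRESS if acl_match(POLICY_NAT_ACL, src, dst) else src


def outbound(src, dst, crypto_acl):
    """Return (translated source, selected for the tunnel?) for one packet."""
    xsrc = translate(src, dst)
    return xsrc, acl_match(crypto_acl, xsrc, dst)


if __name__ == "__main__":
    # Constructed sample packets: one towards site 2, one towards another network.
    for dst in ("20.1.1.7", "8.8.8.8"):
        for name, acl in (("host", CRYPTO_ACL_HOST), ("net", CRYPTO_ACL_NET),
                          ("real", CRYPTO_ACL_REAL)):
            print(dst, name, outbound("10.1.1.25", dst, acl))
```
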
07-09-2013 04:54 AM
As I am doing PAT, I do not require a NAT statement, right?
What about
1.1.1.0/24 not being assigned to any interface on the firewall nor on the router?
So will it work?
07-09-2013 04:59 AM
Hi,
Since you are using the 1.1.1.0/24 only for the L2L VPN connection and NAT purposes, it doesn't have to be configured on any interface or be routed on any upstream router. It's visible to the remote site through the L2L VPN connection.
- Jouni
07-09-2013 05:53 AM
Thanks, that clears the doubt.
So I can use any IP; it is not mandatory to use a public IP.