Cisco remote VPN NAT issue

Dear all,

I am facing an issue which needs your valuable support.

As per the attached diagram, remote users are getting IP address 192.168.2.x, internal IP = 192.168.1.x, DMZ IP = 172.16.1.x, and the 10.0.0.x network is accessed via a router connected on the DMZ over which I don't have control.

My issue is that remote users want to access the 10.0.0.x network but they can't; at the same time they can access the DMZ and internal network.

I have tried no NAT as below, and I removed the first line of the ACL as well, but the result is the same:

access-list 160 permit ip 10.0.0.0 255.0.0.0 192.168.2.0 255.255.255.0

access-list 160 permit ip 172.16.1.0 255.255.255.0 192.168.2.0 255.255.255.0

nat (dmz) 0 access-list 160

I wish to try NATing 192.168.2.x traffic using a DMZ IP address when packets are destined to 10.0.0.x.

Can someone suggest how to proceed?


Re: Cisco remote VPN NAT issue

Hi,

You need to look at dynamic policy NAT, NATing the VPN users to either the DMZ interface or an address within the DMZ range which is dedicated to that purpose.

Re: Cisco remote VPN NAT issue

Hello,

You could do:

nat (outside) 1 192.168.2.0 255.255.255.0 outside

global (dmz) 1 172.16.1.x

Can you do a packet-tracer and show us the result of that? This will lead us to a NAT issue or something else.

The No_Nat configuration is perfect.

Regards,

Julio

Do rate all the helpful posts

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com

Re: Cisco remote VPN NAT issue

I have attached the packet-tracer output and the firewall config; kindly look into that.

Re: Cisco remote VPN NAT issue

Hi all,

As jcarvaja suggested, I have tried the NAT config but no luck.

Please provide me a solution.

Re: Cisco remote VPN NAT issue

Hello,

Here is what I want you to do now:

access-list test permit ip 192.168.2.0 255.255.255.0 10.0.0.0 255.255.255.0

nat (outside) 10 access-list test outside

global (dmz) 10 interface

Regards,

Let me know the result.

Rate all the helpful posts
