Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Site to site vpn

Hi All,

I have a queery using site to site vpn.

While configuring site to site vpn we make us NAT 0 (for interseting trafiic).

Let say My lan ip is 10.10.10.10 and is patted with 202.17.22.17.

And outside interface ip of firewall is 202.17.22.35.

I have created site to site vpn and mentioned 10.10.10.0 range in interseting traffic.

and far end interseting raffic is 192.168.10.0 range.

so when i run packet tracer command with inside as 10.10.10.10 and 192.168.10.4 as far end ip

In nat rules which ip it should display .

What is the exact use of NAT 0 in site to site tunnel

1 ACCEPTED SOLUTION

Accepted Solutions

Site to site vpn

Hello Prashant,

That is a different scenario, if both are the same you will need to do a policy nat so you can nat the host when they go to the other site.That would be all you need.

Regards,

Julio!

Do rate all post that help!

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
7 REPLIES

Site to site vpn

Hi Prashant,

There are two things - NAT 0 and Policy NAT if i understood you correctly.

Lets say one end subnet 10.x.x.x.x Far end 192.x.x.x - and 10.x.x.x subnet also want to access internet so pat global (outside) or static nat will be there . In nat process nat 0 is processed frist so while commmunicating with 192.x.x.x packet should not get nattted . Here nat 0 works .

2nd policy nat which is just to change the identity for ex - overlapping of network so ofcourse nat should be on .

When you are using policy nat then nat0 should not be used .In packet tracer it will give you policy nat rules on step -NAT.

Thanks

Ajay

New Member

Site to site vpn

So let say if i donot use NAT 0 in interseting traffic .Does  it efect the site to site vpn.

Site to site vpn

Hello Prashant,

The thing with nat 0 with ACL is that does not generate or create an XLATE table..

I am not sure what you mean by this:

donot use NAT 0 in interseting traffi?

Of course, it affects as VPN traffic does not need to be natted when it goes to the other site unless you have overlapping networks.

Without it, it will get natted and the whole purpose of the VPN will be missed!!

Regards,

Julio

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

Site to site vpn

Thank you.

Site to site vpn

Hello Prashant,

Is there anything else we could do for you??

If not please mark the question as answered so future users can learn from this question.

Regards.

Julio

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

Site to site vpn

Hi Jcarvaja,

If the lan ip of the both sides are of same range and i have static nat does vpn works ?

Site to site vpn

Hello Prashant,

That is a different scenario, if both are the same you will need to do a policy nat so you can nat the host when they go to the other site.That would be all you need.

Regards,

Julio!

Do rate all post that help!

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
418
Views
10
Helpful
7
Replies
CreatePlease login to create content