Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Public and VPN NAT


We currently have several remote sites running a combination of Cisco 837 and 857 ASDL routers, behind each of these sits a single 'server' (actually just a Windows XP workstation) a Cisco wireless AP and a number of wireless mobile client devices.

Each site is configured indentically, even IP addresses, with as the internal 'VLAN' address and as the server address. We have static NAT setup from the routers public address pointing a few ports/protocols at this internal server to allow external users to access this server.

We now have the requirement to build VPN (lan-to-lan) connections from each of these sites to a third-party companys router, and allow access to the server over this VPN. Obviously the issue we have here is that there are multiple sites with the same addresses and a routing nightmare! We have been allocated a 192.168.250.x private range by the third-party, and they would like us to NAT each address in this range to a seperate site.

So, my question, how do we go about NATing the server to both the 192.168.250.x VPN address, and also to the x.x.x.x public address?



Hall of Fame Super Blue

Re: Public and VPN NAT


Attached is a screenshot of a lab i tested this with. It shows how you can NAT the same internal address to 2 different external address with the connection on the same application port - telnet in this case.

Note that you must be able to distinguish the source via their IP addresses but i'm assuming you can do this. Hopefully you should be able to modify for your needs.