Cisco Support Community
Community Member

NAT and PAT over VPN

Hi,

I have a VPN tunnel between two routers. My router also connects directly to internet [aDSL].

I need to PAT my inside host [192.168.0.2] to the outside interface when connecting to the internet.

I also need to static NAT my host to 172.25.100.230 when going over the VPN.

The NAT-VPN works fine on its own, and the PAT-internet connection works fine on its own.

How do I get both working together?

I've tried the following config and it doesn't work:

--------------------------------------
ip nat pool MOBILE 172.25.100.230 172.25.100.230 prefix-length 32
ip nat inside source route-map INTERNET interface Dialer1 overload
ip nat inside source route-map MOBILE-NAT pool MOBILE
!
route-map INTERNET permit 10
 match ip address 124
!
route-map MOBILE-NAT permit 10
 match ip address 123
!
access-list 123 permit ip host 192.168.0.2 host 101.123.101.123
access-list 124 permit ip 192.168.0.0 0.0.0.255 any
--------------------------------------

Thank you all,

1 REPLY
Silver

Re: NAT and PAT over VPN

Marcus,

I think you might need to add a deny statement to your access-list 124 telling it to ignore traffic from 192.168.0.2 to 101.123.101.123, as I fear that if the router uses the INTERNET NAT rule first on inbound traffic it will NAT all traffic regardless of destination from 192.168.0.2, as all traffic is included within ACL 124.

So I am thinking...

access-list 124 deny ip host 192.168.0.2 host 101.123.101.123
access-list 124 permit ip 192.168.0.0 0.0.0.255 any

HTH

Paddy
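
As an added illustration (not part of either post, and not IOS code): a small Python model of extended-ACL first-match evaluation with wildcard masks, showing which of ACLs 123 and 124 permit the VPN flow before and after the suggested deny entry. It models only the ACL match, not how the router orders its NAT rules; the Internet destination 198.51.100.7 is a constructed sample, and the deny entry is written with the `ip` protocol keyword.

```python
from ipaddress import IPv4Address as IP

def parse_addr(tokens):
    """Consume one address spec from tokens; return (base, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(IP(tokens.pop(0))), 0
    return int(IP(first)), int(IP(tokens.pop(0)))

def parse_acl(lines):
    """Parse 'access-list N permit|deny ip SRC DST' lines into {N: [entries]}."""
    acls = {}
    for line in lines:
        tokens = line.split()
        if tokens[3] != "ip":
            raise ValueError(f"only 'ip' entries are modelled: {line!r}")
        rest = tokens[4:]
        src, dst = parse_addr(rest), parse_addr(rest)
        acls.setdefault(tokens[1], []).append((tokens[2], src, dst))
    return acls

def covers(spec, addr):
    """Wildcard bits set to 1 are ignored when comparing addr with the base."""
    care = ~spec[1] & 0xFFFFFFFF
    return (int(IP(addr)) & care) == (spec[0] & care)

def acl_permits(acls, number, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, s, d in acls.get(number, []):
        if covers(s, src) and covers(d, dst):
            return action == "permit"
    return False

def matching_acls(lines, src, dst):
    """ACL numbers that permit the flow, i.e. route-maps whose match would succeed."""
    acls = parse_acl(lines)
    return sorted(n for n in acls if acl_permits(acls, n, src, dst))

ACL_123 = "access-list 123 permit ip host 192.168.0.2 host 101.123.101.123"
ACL_124 = "access-list 124 permit ip 192.168.0.0 0.0.0.255 any"
DENY_124 = "access-list 124 deny ip host 192.168.0.2 host 101.123.101.123"
ORIGINAL, WITH_DENY = [ACL_123, ACL_124], [ACL_123, DENY_124, ACL_124]
VPN_FLOW = ("192.168.0.2", "101.123.101.123")
INTERNET_FLOW = ("192.168.0.2", "198.51.100.7")  # constructed Internet destination
if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("with deny", WITH_DENY)):
        print(name, matching_acls(cfg, *VPN_FLOW), matching_acls(cfg, *INTERNET_FLOW))
```

With the original ACLs the VPN flow is permitted by both 123 and 124, so either route-map can claim it; with the deny entry placed ahead of the permit, only 123 matches it and Internet traffic still matches 124.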
