Cisco IOS router, Hide Internal subnet in a new ip pool. NAT Before IPSEC

Hello All,

I would like to create the following setup;

My internal LANs are:

192.168.1.0 255.255.255.0

192.168.2.0 255.255.255.0

I need to connect to this VPN network;

172.26.222.0 255.255.255.224

With my own assigned IP Range:

172.26.226.145 255.255.255.248

So I need to hide my internal net;

192.168.1.0 / 24

192.168.2.0 / 24

behind;

172.26.226.144 255.255.255.248

if I need to reach:

172.26.222.0 255.255.255.224

without disturbing any;

Internet traffic

(there is a nat overload defined;)

ip nat inside source list 12 interface Dialer0 overload

access-list 12 defines some denies for current VPN traffic and a permit for internal LAN to Internet.

I was thinking by doing this in a route-map?

ip nat inside source route-map VPN interface Dialer0 overload

ip nat inside source static network 192.168.1.0 0.0.0.255 172.26.226.144 0.0.0.7 route-map VPN extendable

and

ip nat inside source static network 192.168.2.0 0.0.0.255 172.26.226.144 0.0.0.7 route-map VPN extendable

access-list 144 deny ip 172.26.226.144 0.0.0.7 172.26.222.0 0.0.0.31

access-list 144 deny ip 172.26.222.0 0.0.0.31 172.26.226.144 0.0.0.7

access-list 144 permit ip 192.168.1.0 0.0.0.255 any

access-list 144 permit ip 192.168.2.0 0.0.0.255 any

route-map VPN permit 10

match ip address 144

Does anybody have some experience doing so?

Thanks in advance for any answer.

Regards,

Ralph
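
Added example, not part of the original post: a small Python evaluator of Cisco wildcard-mask ACL matching (first match wins, implicit deny), run over access-list 144 as posted and over a destination-scoped variant, to show which pre-NAT flows a route-map matching that list would select. The scoped variant, the sample flows and all function names are constructed assumptions.

```python
import ipaddress

ACL_144_POSTED = """
access-list 144 deny ip 172.26.226.144 0.0.0.7 172.26.222.0 0.0.0.31
access-list 144 deny ip 172.26.222.0 0.0.0.31 172.26.226.144 0.0.0.7
access-list 144 permit ip 192.168.1.0 0.0.0.255 any
access-list 144 permit ip 192.168.2.0 0.0.0.255 any
"""
# Assumption (not from the post): permit only traffic bound for the VPN subnet.
ACL_144_SCOPED = """
access-list 144 permit ip 192.168.1.0 0.0.0.255 172.26.222.0 0.0.0.31
access-list 144 permit ip 192.168.2.0 0.0.0.255 172.26.222.0 0.0.0.31
"""
# Constructed pre-NAT flows (source, destination); 198.51.100.7 stands in for an Internet host.
FLOWS = [("192.168.1.10", "172.26.222.5"),
         ("192.168.2.20", "172.26.222.30"),
         ("192.168.1.10", "198.51.100.7")]

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC WILD|any DST WILD|any' lines."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, rest, ends = tok[2], tok[4:], []
        while rest:
            if rest[0] == "any":          # 'any' means every bit is "don't care"
                ends.append((0, 0xFFFFFFFF)); rest = rest[1:]
            else:
                ends.append((to_int(rest[0]), to_int(rest[1]))); rest = rest[2:]
        rules.append((action, ends[0], ends[1]))
    return rules

def hit(addr, end):
    base, wild = end
    care = ~wild & 0xFFFFFFFF             # wildcard 1-bits are ignored
    return (to_int(addr) & care) == (base & care)

def evaluate(rules, src, dst):
    for action, s, d in rules:            # first match wins
        if hit(src, s) and hit(dst, d):
            return action
    return "deny"                         # implicit deny at the end of every ACL

def classify(acl_text, flows=FLOWS):
    rules = parse_acl(acl_text)
    return [evaluate(rules, s, d) for s, d in flows]
```

With the list as posted, the Internet-bound flow is permitted along with the two VPN-bound flows, because the permit lines use `any` as destination; the scoped variant permits only the flows toward 172.26.222.0 0.0.0.31.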


Re: Cisco IOS router, Hide Internal subnet in a new ip pool. NAT

For creating a VPN between two sites you need public IPs on both sides. 172.26.x.x is a private network IP and cannot be used for VPN if it is over the Internet. The internal network 192.168.x.x can be made hidden using a firewall or access lists.
