I am trying to setup a site to site vpn with a vendor. Om my end I have a Cisco 3825 router running 12.4 IOS. I am doing static nat translations for 3 internal hosts. I have been trying to test this in my lab, but am running into some issues. When I setup the VPN with the static nat translations it works just fine I I only use 1 host, I have encaps and decaps and the vpn is great, but when I use more that 1 hosts I have issues with the VPN not working properly. I am also using a route-map that calls my static nat translations and ACL's. I am attaching a config from my lab of both test routers.
To configure static NAT with the route-map option, issue the ip nat inside source static local-ip global-ip route-map map-name command from global configuration mode. Identify the NAT inside and outside interfaces by issuing the ip nat inside command and the ip nat outside command under the specific interface configuration mode. The route-map should be configured to match the specific traffic that needs to be translated by issuing the match command.
For example, a router connects to the Internet through interface serial 0 and is connected through interface serial 1 to a partner network which uses the 192.168.1.0/24 address space. The LAN interface of the router is connected to the corporate inside network which belongs to the 10.0.0.0/8 network. The requirement is that an inside host 10.1.1.1, which could be a mail server, should be translated to address 220.127.116.11 when communicating with the Internet. The same host should be translated to the 172.16.1.1 address when communicating with the partner network. This is the relevant configuration on the router:
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...