Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

LAN to LAN PAT/NAT on 3020 concentrator

I have a customer who wants to create a L2L tunnel, but says that they will only allow us to use up to three IP addresses. I've never had any other customers ask me to do it this way and I'm a little stumped as how I should make it work. I'm guessing some form of NAT/PAT should solve the issue for me. Could someone please steer me in the right direction.

Thanks!

1 ACCEPTED SOLUTION

Accepted Solutions

Re: LAN to LAN PAT/NAT on 3020 concentrator

Yes you can use this approach for NAT. Perhaps they are 'over-cautious' with their security.

Regards

Farrukh

5 REPLIES

Re: LAN to LAN PAT/NAT on 3020 concentrator

New Member

Re: LAN to LAN PAT/NAT on 3020 concentrator

Thank you for your response, but what I'm specifically looking for is being able to take a range of addresses on LAN and NAT to a single IP address. The customer has said that they will only allow up to three IP addresses. I have about 10 users that will need access to this L2L tunnel. So, I'm confused on how to accomplish this if they won't allow an entire subnet or my 10 IP addresses. Thanks in advance!

Jerrod

Re: LAN to LAN PAT/NAT on 3020 concentrator

The Concentrator supports Dynamic NAT and PAT as well, but this is only for Outbound traffic. Have a look at:

http://www.cisco.com/en/US/docs/security/vpn3000/vpn3000_47/configuration/guide/polmgt.html#wp1639218

So its like a Walkie Talkie :)

A better approach would be to do the NAT/PAT on some device 'before' the Concentrator (If possible)

Regards

Farrukh

New Member

Re: LAN to LAN PAT/NAT on 3020 concentrator

So basically I need to PAT or NAT overload on a router and then do a one to one Static NAT on the concentrator to be able to translate the one IP address the customer will allow. Have you ever seen problems with doing it this way? I'm curious as to why they are wanting to do it this way. Thank you very much.

Re: LAN to LAN PAT/NAT on 3020 concentrator

Yes you can use this approach for NAT. Perhaps they are 'over-cautious' with their security.

Regards

Farrukh

184
Views
0
Helpful
5
Replies
CreatePlease to create content