Cisco Support Community

LAN-to-LAN to VPN tunnel NAT0

We have a LAN-to-LAN VPN tunnel for which we have configured NAT0 on both end firewalls, so that these addresses are excluded from NAT. What happens when they're out on the Internet, what are these addresses known as when they're out there, and which part of the configuration should show this? Please help!

1 REPLY

Re: LAN-to-LAN to VPN tunnel NAT0

Bernadette, L2L uses the IPsec standard. Even though you have excluded the internal addresses with NAT0, the traffic is still encrypted by the (crypto map) engine and the access-list bound to the crypto map. Example:

    access-list inside_nat0_outbound extended permit ip x.x.x.x y.y.y.y
    access-list outside_cryptomap_20 extended permit ip x.x.x.x y.y.y.y

The outside_cryptomap_20 is what determines what traffic will be encrypted, based on the previous access list.

If you are using a PIX, issue show crypto ipsec sa. This command shows the IPsec SAs built between the L2L VPN peers, and you should be able to see packets encap/decap and packets encrypted/decrypted as they are received and sent out through the outbound/inbound tunnel interface.

Here is a link for learning the basics of the IPsec standards.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094203.shtml

I hope I have answered your question.

HTH

Rgds

Jorge
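
A consistency check for the two access lists named in the reply, as an added example that is not part of the original thread or any Cisco tool: it parses a PIX/ASA-style config and reports flows that are NAT-exempt but not selected for IPsec, and the reverse. The sample config is constructed; its addresses, the `nat (inside) 0` binding and the crypto map name `outside_map` are assumptions, and entries are compared as exact strings with no subnet-overlap or object-group resolution.

```python
import re

# Constructed sample config (PIX/ASA 7.x-style syntax). Addresses are
# placeholders and the crypto map name "outside_map" is an assumption.
SAMPLE_CONFIG = """\
access-list inside_nat0_outbound extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.1.1.0 255.255.255.0 10.3.3.0 255.255.255.0
access-list outside_cryptomap_20 extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
crypto map outside_map 20 match address outside_cryptomap_20
"""

ACL_RE = re.compile(r"^access-list (\S+) extended permit ip (.+)$")
NAT0_RE = re.compile(r"^nat \(\S+\) 0 access-list (\S+)$")
CRYPTO_RE = re.compile(r"^crypto map \S+ \d+ match address (\S+)$")


def parse(config):
    """Return (ACL name -> set of flow strings, NAT0 ACL names, crypto ACL names)."""
    acls, nat0, crypto = {}, set(), set()
    for line in config.splitlines():
        line = " ".join(line.split())  # normalise whitespace
        if m := ACL_RE.match(line):
            acls.setdefault(m.group(1), set()).add(m.group(2))
        elif m := NAT0_RE.match(line):
            nat0.add(m.group(1))
        elif m := CRYPTO_RE.match(line):
            crypto.add(m.group(1))
    return acls, nat0, crypto


def compare(config):
    """Compare NAT-exempt flows against flows selected for IPsec."""
    acls, nat0, crypto = parse(config)
    exempt = set().union(*(acls.get(n, set()) for n in nat0))
    protected = set().union(*(acls.get(n, set()) for n in crypto))
    return {
        # Exempt from NAT but matched by no crypto ACL: not sent into the tunnel.
        "nat0_only": sorted(exempt - protected),
        # Selected for IPsec but not exempt: NAT may rewrite the source first,
        # so the packet no longer matches the crypto ACL.
        "crypto_only": sorted(protected - exempt),
        "both": sorted(exempt & protected),
    }


if __name__ == "__main__":
    for kind, flows in compare(SAMPLE_CONFIG).items():
        print(kind, flows)
```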
