
NAT and VPN on 1711

I have a Cisco 1711 at the edge. I have two different customer networks that I would like to connect to via VPN at the same time to manage their server via our HP OpenView manager. They also have a Cisco 1711 at the edge. The problem is they both have the same IP scheme, 10.1.1.x. Any suggestions?


atdhingr

Do you need to be able to initiate the tunnel from both sides? If not, use a PATted IP at the customer's end for the VPN and then initiate the tunnel from your end.

Let me know your comments

Atul.

I need to have the tunnel initiated from the customer's end, as I have a static IP and they may have a dynamic IP.

192.168.1.xRouterMain(200.200.200.200)-----------100.100.100.100RouterCustomer(10.1.1.x)

NAT list on RouterMain:

deny ip 192.168.1.x to 100.100.100.100

permit ip 192.168.1.x to any

Crypto list on RouterMain:

permit ip 192.168.1.x to 100.100.100.100

_____________________________

NAT list on RouterCustomer:

permit ip 10.1.1.x to any

Crypto list on RouterCustomer:

permit ip 100.100.100.100 to 192.168.1.x

In the above way you can initiate it from behind the RouterCustomer. Because it uses the PATed IP, you can have the same internal network behind another router (RouterCustomer2) and then use its PAT IP for crypto.

Let me know your comments.
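
The NAT and crypto lists from the reply above, written out as Cisco IOS configuration. This is an added example, not part of the original thread: it keeps the reply's static sample addresses, and the interface names, ACL numbers, map and transform-set names, AES/group 5 choices and the key placeholder are assumptions.

```cisco
! --- RouterCustomer: LAN 10.1.1.0/24, outside address 100.100.100.100 ---
interface Vlan1
 ip nat inside
interface FastEthernet0
 ip nat outside
 crypto map TO-MAIN
!
! PAT everything leaving the LAN, including traffic bound for the tunnel
access-list 101 permit ip 10.1.1.0 0.0.0.255 any
ip nat inside source list 101 interface FastEthernet0 overload
!
! Outbound, NAT runs before the crypto check, so match the PAT address
access-list 111 permit ip host 100.100.100.100 192.168.1.0 0.0.0.255
!
crypto isakmp policy 10
 encryption aes
 authentication pre-share
 group 5
crypto isakmp key <PRE-SHARED-KEY> address 200.200.200.200
crypto ipsec transform-set TS esp-aes esp-sha-hmac
crypto map TO-MAIN 10 ipsec-isakmp
 set peer 200.200.200.200
 set transform-set TS
 match address 111
!
! --- RouterMain: LAN 192.168.1.0/24, outside address 200.200.200.200 ---
interface Vlan1
 ip nat inside
interface FastEthernet0
 ip nat outside
 crypto map TO-CUST
!
! Exempt tunnel traffic from NAT, PAT the rest
access-list 101 deny   ip 192.168.1.0 0.0.0.255 host 100.100.100.100
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
ip nat inside source list 101 interface FastEthernet0 overload
!
! Mirror image of the customer's crypto ACL
access-list 111 permit ip 192.168.1.0 0.0.0.255 host 100.100.100.100
!
crypto isakmp policy 10
 encryption aes
 authentication pre-share
 group 5
crypto isakmp key <PRE-SHARED-KEY> address 100.100.100.100
crypto ipsec transform-set TS esp-aes esp-sha-hmac
crypto map TO-CUST 10 ipsec-isakmp
 set peer 100.100.100.100
 set transform-set TS
 match address 111
```

Because RouterMain only ever sees the customer's PAT address, a second customer with the same 10.1.1.x LAN gets its own crypto map entry and ACL lines on RouterMain keyed on that router's PAT address.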

That should do the trick... thanks,

Ken
