NAT over a LAN-LAN VPN

Hi,

I have a VPN tunnel between two routers. My router also connects directly to the internet [ADSL].

I need to PAT my inside host [192.168.0.2] to the outside interface when connecting to the internet.

I also need to static NAT my host to 172.25.100.230 when going over the VPN.

The NAT-VPN works fine on its own, and the PAT-internet connection works fine on its own.

How do I get both working together?

I've tried the following config and it doesn't work:

--------------------------------------
ip nat pool MOBILE 172.25.100.230 172.25.100.230 prefix-length 32
ip nat inside source route-map INTERNET interface Dialer1 overload
ip nat inside source route-map MOBILE-NAT pool MOBILE
!
route-map INTERNET permit 10
 match ip address 124
!
route-map MOBILE-NAT permit 10
 match ip address 123
!
access-list 123 permit ip host 192.168.0.2 host 101.123.101.123
access-list 124 permit ip 192.168.0.0 0.0.0.255 any
--------------------------------------

Thank you all,

Re: NAT over a LAN-LAN VPN

ACL 123 is actually part of ACL 124, so the packet destined for 101.123.101.123 will be matched by both ACLs.

The route-map may act like an ACL, meaning that it works in order. Try to apply the route-map "mobile-nat" first, then route-map "internet".

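The overlap described in the reply can be checked mechanically. The following is an added example, not code from either post: a small first-match evaluator for `permit|deny ip` extended ACL entries that reports which ACLs, and so which NAT route-maps, permit a given flow. The `WITH_DENY` variant is an assumption, one common way to remove the overlap, and does not come from the thread.

```python
import ipaddress

def _addr(tok):
    """Consume 'any' | 'host A' | 'A WILDCARD' from tok; return (base, wildcard) ints."""
    t = tok.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    if t == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(t)), int(ipaddress.IPv4Address(tok.pop(0)))

def parse_acls(config):
    """Parse 'access-list N permit|deny ip SRC DST' lines into {N: [(action, src, dst)]}."""
    acls = {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) >= 6 and tok[0] == "access-list" and tok[3] == "ip":
            rest = tok[4:]
            acls.setdefault(tok[1], []).append((tok[2], _addr(rest), _addr(rest)))
    return acls

def _hit(spec, ip):
    care = ~spec[1] & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) & care) == (spec[0] & care)

def permits(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, s, d in acl:
        if _hit(s, src) and _hit(d, dst):
            return action == "permit"
    return False

def nat_candidates(acls, src, dst):
    """ACL numbers that permit the packet, i.e. NAT route-maps that could claim it."""
    return sorted(n for n, acl in acls.items() if permits(acl, src, dst))

# The two ACLs exactly as posted in the thread.
ORIGINAL = """
access-list 123 permit ip host 192.168.0.2 host 101.123.101.123
access-list 124 permit ip 192.168.0.0 0.0.0.255 any
"""
# Assumption (not from the thread): exclude the VPN flow from the PAT ACL.
WITH_DENY = """
access-list 123 permit ip host 192.168.0.2 host 101.123.101.123
access-list 124 deny ip host 192.168.0.2 host 101.123.101.123
access-list 124 permit ip 192.168.0.0 0.0.0.255 any
"""
for name, cfg in (("original", ORIGINAL), ("with deny", WITH_DENY)):
    print(name, nat_candidates(parse_acls(cfg), "192.168.0.2", "101.123.101.123"))
```

With the posted ACLs the VPN flow is permitted by both 123 and 124; with the deny entry ahead of the permit in 124, only 123 permits it, while other traffic from 192.168.0.0/24 still matches 124.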