
NAT through a VPN Tunnel

I am trying to NAT through a new tunnel with an outside vendor.

Let's say that he has a 10.10.0.0/24 subnet and the network I am trying to connect him with is also a 10.10.0.0/24 subnet.

Since I have other tunnels coming in to a server on my 10.10.0.0/24 subnet I am thinking that I want to NAT his subnet on its way into my network through the VPN.

These are the relevant config snippets for what I am trying to do (assume the crypto maps etc. are correct). Does this look right?

static (outside,inside) 10.10.0.0 172.20.0.0 netmask 255.255.255.0
!
object-group network MY-SERVER
 network-object 10.10.0.12 255.255.255.255
!
object-group network Vendor-Connect-To-Me
 network-object 172.20.0.0 255.255.255.0
!
access-list nonat permit ip object-group MY-SERVER object-group Vendor-Connect-To-Me
access-list Vend permit tcp object-group MY-SERVER object-group Vendor-Connect-To-Me eq 23


Re: NAT through a VPN Tunnel

Just hit me as I was whiteboarding the scenario that this would leave Mr. Vendor with a routing problem trying to get traffic for 10.10.0.12 to go out the VPN tunnel.
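
The routing problem raised in the reply, modelled as an added example that is not part of the original thread: with both sides on 10.10.0.0/24, the vendor side treats 10.10.0.12 as on-link and never hands it to the tunnel. The 172.21.0.0/24 range used to present my side to the vendor is an assumption constructed for this sketch, as are the function names.

```python
import ipaddress as ip

# Addresses from the thread, plus one constructed range (labelled).
VENDOR_LAN = "10.10.0.0/24"
MY_LAN = "10.10.0.0/24"
MY_SERVER = "10.10.0.12"
VENDOR_AS_SEEN_BY_ME = "172.20.0.0/24"
ME_AS_SEEN_BY_VENDOR = "172.21.0.0/24"   # assumption: not in the thread


def overlaps(a, b):
    """True when two encryption domains share any address."""
    return ip.ip_network(a).overlaps(ip.ip_network(b))


def translate(addr, real_net, mapped_net):
    """One-to-one network NAT: keep the host offset, swap the prefix."""
    real_net, mapped_net = ip.ip_network(real_net), ip.ip_network(mapped_net)
    addr = ip.ip_address(addr)
    if real_net.prefixlen != mapped_net.prefixlen:
        raise ValueError("network NAT needs equal prefix lengths")
    if addr not in real_net:
        raise ValueError(f"{addr} is not in {real_net}")
    offset = int(addr) - int(real_net.network_address)
    return ip.ip_address(int(mapped_net.network_address) + offset)


def next_hop(dst, connected_net, tunnel_nets):
    """Forwarding decision on the vendor side for a destination address.

    A destination inside the connected subnet is resolved on the local LAN,
    so it is never compared against the tunnel's remote networks.
    """
    dst = ip.ip_address(dst)
    if dst in ip.ip_network(connected_net):
        return "local-lan"
    if any(dst in ip.ip_network(n) for n in tunnel_nets):
        return "vpn-tunnel"
    return "default-route"


if __name__ == "__main__":
    print("domains overlap:", overlaps(VENDOR_LAN, MY_LAN))
    # Vendor addresses the server by its real IP: stays on his own LAN.
    print(MY_SERVER, "->", next_hop(MY_SERVER, VENDOR_LAN, [MY_LAN]))
    # Vendor addresses the server by a mapped IP outside his subnet.
    mapped = translate(MY_SERVER, MY_LAN, ME_AS_SEEN_BY_VENDOR)
    print(mapped, "->", next_hop(mapped, VENDOR_LAN, [ME_AS_SEEN_BY_VENDOR]))
    # A vendor host as it would appear on my inside network.
    print(translate("10.10.0.50", VENDOR_LAN, VENDOR_AS_SEEN_BY_ME))
```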
