Cisco Support Community

NAT with IPSEC

A router is making an IPsec connection to two different routers over the internet.

Only a single IP, let's say 172.20.18.25, is allowed over the VPN.

Is it possible to NAT the IP to two different IPs, one for each VPN?

2 REPLIES

Re: NAT with IPSEC

Yes it is, although you don't say which device. Assuming a PIX/ASA, you can use policy NAT.

VPN1 remote subnet = 172.16.5.0/24

VPN2 remote subnet = 192.168.5.0/24

access-list vpn1 permit ip host 172.20.18.25 172.16.5.0 255.255.255.0

access-list vpn2 permit ip host 172.20.18.25 192.168.5.0 255.255.255.0

nat (inside) 2 access-list vpn1

nat (inside) 3 access-list vpn2

global (outside) 2 10.5.1.10

global (outside) 3 10.6.1.10

So when going to VPN1 the host 172.20.18.25 would get translated to 10.5.1.0 and if going to VPN2 host gets translated to 10.6.1.10.

Last thing to note: in your crypto access-list that defines which traffic to encrypt, you need to refer to the NATted address and not the original one, i.e.

access-list vpnt1 permit ip host 10.5.1.10 172.16.5.0 255.255.255.0

access-list vpnt2 permit ip host 10.6.1.10 192.168.5.0 255.255.255.0

Jon
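
An offline check for the last point in the reply above (the crypto access-list has to name the translated address), added here as an example and not part of the original post. It parses only the PIX/ASA line forms shown in the thread; the function names and the ACL name vpnt2_bad are constructed for illustration.

```python
import ipaddress
import re

# Constructed input: the PIX/ASA lines from the reply above, plus one
# deliberately wrong crypto ACL (vpnt2_bad) that uses the pre-NAT address.
CONFIG = """\
access-list vpn1 permit ip host 172.20.18.25 172.16.5.0 255.255.255.0
access-list vpn2 permit ip host 172.20.18.25 192.168.5.0 255.255.255.0
nat (inside) 2 access-list vpn1
nat (inside) 3 access-list vpn2
global (outside) 2 10.5.1.10
global (outside) 3 10.6.1.10
access-list vpnt1 permit ip host 10.5.1.10 172.16.5.0 255.255.255.0
access-list vpnt2_bad permit ip host 172.20.18.25 192.168.5.0 255.255.255.0
"""

ACL = re.compile(r"access-list (\S+) permit ip host (\S+) (\S+) (\S+)$")
NAT = re.compile(r"nat \(inside\) (\d+) access-list (\S+)$")
GLOBAL = re.compile(r"global \(outside\) (\d+) (\S+)$")

def parse(config):
    """Return (acls, policies); policies are (real_host, remote_net, mapped_ip)."""
    acls, nat_ids, pools = {}, {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := ACL.match(line):
            name, src, net, mask = m.groups()
            acls[name] = (ipaddress.ip_address(src), ipaddress.ip_network(f"{net}/{mask}"))
        elif m := NAT.match(line):
            nat_ids[m.group(2)] = m.group(1)   # ACL name -> NAT id
        elif m := GLOBAL.match(line):
            pools[m.group(1)] = ipaddress.ip_address(m.group(2))  # NAT id -> mapped IP
    policies = [(*acls[a], pools[i]) for a, i in nat_ids.items() if a in acls and i in pools]
    return acls, policies

def translate(config, src, dst):
    """Source address after policy NAT; unchanged when no policy matches."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for host, net, mapped in parse(config)[1]:
        if src == host and dst in net:
            return mapped
    return src

def crypto_acl_ok(config, name):
    """True when crypto ACL `name` uses the post-NAT source for its remote subnet."""
    acls, policies = parse(config)
    src, net = acls[name]
    return any(net == p_net and src == mapped for _, p_net, mapped in policies)
```

A crypto ACL that fails this check still names the real address, so the translated traffic would not match it and would not be selected for encryption.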

Re: NAT with IPSEC

Thanks for your reply.

I'm using a 3825 ISR, so it's an IOS device.

Can you help me out with the configs on the router?
