Cisco Support Community
New Member

Need solution for address translation over VPN

I am connecting a remote site using a VPN between a PIX501 at the remote site and our VPN3030 at the local site. The remote site uses a cable Internet connection with a static IP. The connection works great, but the IP subnet at the remote site duplicates addresses already connected to our network. If I NAT the addresses on the PIX501 (using the static command), the remote site is unable to use their local Internet connection. I would prefer not to route all of their Internet traffic over the VPN. Is there a solution to this? Do I need to replace the 501 with another piece of equipment?

1 REPLY
Bronze

Re: Need solution for address translation over VPN

Hi,

You can do a policy based static translation to NAT the traffic only over the VPN tunnel.

Suppose your source subnet is s.s.s.0/24, the destination is d.d.d.0/24 and the NATed subnet is n.n.n.0/24; the following commands will achieve policy static NAT:

access-list vpn-nat permit ip s.s.s.0 255.255.255.0 d.d.d.0 255.255.255.0

static (inside,outside) n.n.n.0 access-list vpn-nat

Don’t forget to change the crypto access-lists at both ends to match the change in IP also.

access-list crypto-acl permit ip n.n.n.0 255.255.255.0 d.d.d.0 255.255.255.0

HTH

Regards,

Shijo George.
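
The reply's approach modelled in Python, as an added illustration that is not part of the original post and is not Cisco code: it shows that the policy static translates only VPN-bound traffic (host bits preserved) and why the crypto access-list has to list n.n.n.0 rather than s.s.s.0. The addresses are constructed sample values and the function names are hypothetical.

```python
import ipaddress as ipa

# Constructed sample addressing (not from the post) for the reply's s, n and d.
REAL = ipa.ip_network("192.168.1.0/24")    # s.s.s.0/24: remote LAN, duplicated elsewhere
MAPPED = ipa.ip_network("172.16.50.0/24")  # n.n.n.0/24: unique range seen over the VPN
DEST = ipa.ip_network("10.10.20.0/24")     # d.d.d.0/24: subnet behind the VPN3030


def check_plan(real, mapped, dest):
    """Return a list of problems with a net-to-net policy static NAT plan."""
    problems = []
    if real.prefixlen != mapped.prefixlen:
        problems.append("real and mapped subnets must be the same size")
    if mapped.overlaps(dest) or mapped.overlaps(real):
        problems.append("mapped subnet overlaps an existing subnet")
    return problems


def translate(src, dst, real=REAL, mapped=MAPPED, dest=DEST):
    """Apply the vpn-nat policy: translate src only when dst is inside dest."""
    src, dst = ipa.ip_address(src), ipa.ip_address(dst)
    if src in real and dst in dest:
        # A net-to-net static keeps the host bits: .25 stays .25.
        return mapped.network_address + (int(src) - int(real.network_address))
    return src  # no match: left to the ordinary Internet NAT/PAT rules


def handle(src, dst, crypto_src, crypto_dst=DEST):
    """Outbound order: NAT first, then the crypto ACL sees the translated source."""
    post_nat = translate(src, dst)
    in_tunnel = post_nat in crypto_src and ipa.ip_address(dst) in crypto_dst
    return str(post_nat), ("tunnel" if in_tunnel else "not encrypted")


if __name__ == "__main__":
    print(check_plan(REAL, MAPPED, DEST))
    # Crypto ACL updated to n: VPN-bound traffic is translated and encrypted.
    print(handle("192.168.1.25", "10.10.20.5", crypto_src=MAPPED))
    # Crypto ACL still listing s: the translated packet no longer matches it.
    print(handle("192.168.1.25", "10.10.20.5", crypto_src=REAL))
    # Internet-bound traffic misses the policy and stays on the local connection.
    print(handle("192.168.1.25", "198.51.100.7", crypto_src=MAPPED))
```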
