Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN3000 Static NAT LAN-to-LAN rules

I cannot get a Static NAT LAN-to-LAN rules to work. I am running Version 4.1.1.Rel Feb 12 2004 17:54:39 on 3015 VPN Concentrator.

I have an IPSec LAN-to-Lan tunnel up. The Local Network is 10.100.40.0/24. I have a Static NAT LAN-to-LAN rule that translate a single host from 10.100.40.11 to 172.29.7.40 when it is talking to 172.29.1.0/24 on the other side of the tunnel. The NAT translation just does not happen.

In testing the IPSec tunnel, if I change the Local Network List to a single device 172.29.7.20 with a wild card of 0.0.0.0 then it works great. I can ping between a single device in my side 172.29.7.40 to the other side of the tunnel’s subnet 172.29.1.x/24 However, the NAT LAN-to-LAN rules would be meaningless in that configuration.

How can I get Static NAT LAN-to-LAN rules to work. I have done the obvious check by making sure that under “Configuration/Traffic Management/NAT/LAN-to-LAN Rules” that “LAN-to-LAN Tunnel NAT Rule Enabled” checkbox is checked. What else is there to check?

I have attached two screen shots of IPSec LAN-to-LAN and NAT LAN-to-LAN rules for reference. Please comment. Thank you.

2 REPLIES
New Member

Re: VPN3000 Static NAT LAN-to-LAN rules

Everything looks fine...any update on this?

New Member

Re: VPN3000 Static NAT LAN-to-LAN rules

Everything is fine and working. It turns out that the other side has configured a wrong subnet mask.

401
Views
0
Helpful
2
Replies
CreatePlease to create content