I only have a basic VPN understanding and I'm in a bit of a mess...
The problem that I'm facing is that I have a client that has the same private IP subnet as myself. I understand that I need to perform NAT, but the issue is that I want to perform NAT for one subnet for one client only, leaving all else the same.
Looking at the config (I have a 3640), I would think I need something like this:
ip address x.x.x.x 255.255.255.0
ip nat inside
crypto map wwmap
route-map test permit 10
match ip address 110
access-list 110 permit ip 172.16.0.0 0.0.255.255 172.28.0.0 0.0.255.255
ip nat inside source static 172.16.0.50 172.28.0.50 route-map test
Where 172.16.0.0/16 is the source subnet and 172.28.0.0/16 is what I want to NAT to. Also, I only have one host (172.16.0.50) that they need to access.
They will perform similar at their end, so I just see their 172.16.0.0/16 as its NATted address.
How do I ensure that no other NATting takes place? I assume as my config stands all else would fail?
Any help much appreciated. All articles I find assume that you want NAT to take place for all outgoing traffic, but this is not the case.
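The following is an added example, not part of the original post and not router output: a simplified Python model of how a static NAT entry conditioned by a route-map is evaluated, using access-list 110 and the static entry from the configuration above. It models only source translation for inside-to-outside packets; the sample packets and the function names are constructed for illustration.

```python
import ipaddress

def acl_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard mask are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

# access-list 110 permit ip 172.16.0.0 0.0.255.255 172.28.0.0 0.0.255.255
# Each entry: (source, source wildcard, destination, destination wildcard)
ACL_110 = [("172.16.0.0", "0.0.255.255", "172.28.0.0", "0.0.255.255")]

# ip nat inside source static 172.16.0.50 172.28.0.50 route-map test
STATIC_NAT = {"172.16.0.50": "172.28.0.50"}

def route_map_permits(src, dst, acl=ACL_110):
    """route-map test permit 10 / match ip address 110 (implicit deny otherwise)."""
    return any(acl_match(src, s, sw) and acl_match(dst, d, dw)
               for s, sw, d, dw in acl)

def translate(src, dst):
    """Return the source address of an inside->outside packet after NAT."""
    if src in STATIC_NAT and route_map_permits(src, dst):
        return STATIC_NAT[src]
    return src  # no static entry, or route-map did not match: left untouched

# Constructed sample packets: (source, destination)
PACKETS = [
    ("172.16.0.50", "172.28.0.7"),    # static host, destination matches ACL 110
    ("172.16.0.50", "203.0.113.10"),  # static host, destination outside ACL 110
    ("172.16.0.51", "172.28.0.7"),    # matches ACL 110 but has no static entry
]

def run():
    return [(s, d, translate(s, d)) for s, d in PACKETS]

if __name__ == "__main__":
    for src, dst, out in run():
        state = "translated" if out != src else "unchanged"
        print(f"{src} -> {dst}: source {out} ({state})")
```

In this model only the first packet is translated: the host must have a static entry and the packet must match the access list referenced by the route-map, so the destination written into access-list 110 decides which peers ever see the NATted address.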
Thank you so much for your help, it's much appreciated!
Can I please pick your brain some more? I have had more clarification now - their 172.16.0.0/16 subnet will not be used to connect to us (it's more a routing issue for them), so no NAT is being performed at their end.
We basically have 2 servers on that subnet that their users on subnet 192.168.1.0/24 will be contacting, and that is all.
So, I think that your point 1 is probably not required here? This is my revised configuration after studying point 2:
#to allow their subnet to access the NATted subnet