We currently have the following scenario with 2 IPsec VPN tunnels set up.
inside LAN = 172.20.136.0/24
Remote Site1 internal LAN = 192.168.1.0/24
Remote Site2 internal LAN = 192.168.2.0/24
The VPN tunnels establish without any issues and I can connect to hosts 192.168.1.10 and 192.168.2.10.
However, to avoid the overlapping problems in the future, normally the Policy NAT is done on the remote end. This cannot be done as our customers are resistant to making any policy NAT changes at their end.
Therefore, I want to 1:1 NAT the remote end hosts to the following on my side so I am doing Destination NAT.
In this case our internal 172.20.136.0/24 will connect to IP addresses 172.23.0.1 or 172.23.1.2 rather than 192.168.1.10 or 192.168.2.10.
However, when I try to ping/connect to the destination NAT'd addresses 172.23.0.1 or 172.23.1.2, I get NO reply. The access-lists are implemented, which allow traffic from 172.20.136.0/24 to 172.23.0/24 and 172.23.1.0/24.
Can someone please confirm where I may be going wrong?
With a little modification you could also configure this as Static Policy PAT that would apply this NAT only when the traffic is between your LAN and these specific hosts, but then again I am not sure if it's needed in this case.