Cisco Support Community

Nat'g with site-to-site Tunnels on IOS routers with overlapping private ip

I am trying to NAT with site-to-site tunnels on IOS routers with overlapping private IP addresses. On the PIX/ASA it is rather easy.

static (Inside,Outside) access-list 102

access-list 102 extended permit ip host (public ip of other end of tunnel)

Your tunnel configuration is a given on both.

I have tried a command I found in a book, trying with a route-map, but it does not work: 'ip nat inside source static route-map AGVsoft no-alias' and then the route-map.

The routers are running advanced IP services; one is a 2811 (12.4.11T) and the other is an 871 (12.4.4T).

I have been unable to find a solution on the net/Cisco anywhere other than the Cisco Security Manager.


Re: Nat'g with site-to-site Tunnels on IOS routers with overlapp

I am not very clear on what you are wanting.

Are you saying you are setting up a VPN to another site that has overlapping IPs?

If that is the case, then you or the other end will have to NAT to an IP block you agree upon, or force them to NAT to their public IP, since all public space is unique to each site.

One thing I have done, for cases where the client would not use public, is that I had 2 IP ranges set up specifically for client NAT. I would assign them a pool of IPs just like an ISP and have them NAT to the IP block assigned.

For example:

Client A Has

This IP block is being used on your network already.

I would assign them a block or whatever size they needed, and they would need to set up NAT. Then when building the ACL for traffic to that client you use the block assigned.
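
The assignment scheme described in the reply above, sketched as an added example that is not part of the original thread: each client gets a block from a range reserved for client NAT, sized like its real LAN and overlapping neither the local networks nor another client's block, and tunnel ACLs are then written against the assigned block. The pool, networks, client names and function names are all constructed for illustration, and the 1:1 host mapping is an assumption about how the client translates.

```python
import ipaddress

# Constructed sample data (not from the thread).
NAT_POOL = ipaddress.ip_network("10.250.0.0/22")       # range reserved for client NAT
LOCAL_NETS = [ipaddress.ip_network("192.168.1.0/24"),  # already used on our side
              ipaddress.ip_network("10.250.0.0/24")]   # part of the pool is taken too
CLIENTS = {"client-a": ipaddress.ip_network("192.168.1.0/24"),  # overlaps our LAN
           "client-b": ipaddress.ip_network("172.16.5.0/25")}

def allocate_block(pool, prefixlen, taken):
    """First subnet of `pool` of the given size that overlaps nothing in `taken`."""
    for candidate in pool.subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(t) for t in taken):
            return candidate
    raise RuntimeError(f"no free /{prefixlen} left in {pool}")

def assign_blocks(pool, local_nets, clients):
    """Give every client a NAT block the same size as its real LAN."""
    taken, assigned = list(local_nets), {}
    for name, real in clients.items():
        block = allocate_block(pool, real.prefixlen, taken)
        taken.append(block)  # later clients must not collide with this block
        assigned[name] = block
    return assigned

def translate(addr, real_net, nat_net):
    """1:1 mapping (assumed): keep the host offset, swap the network part."""
    addr = ipaddress.ip_address(addr)
    if real_net.prefixlen != nat_net.prefixlen or addr not in real_net:
        raise ValueError(f"{addr} cannot be mapped from {real_net} to {nat_net}")
    return nat_net.network_address + (int(addr) - int(real_net.network_address))

if __name__ == "__main__":
    blocks = assign_blocks(NAT_POOL, LOCAL_NETS, CLIENTS)
    for name, block in blocks.items():
        print(f"{name}: real {CLIENTS[name]} -> use {block} in tunnel ACLs")
    print(translate("192.168.1.20", CLIENTS["client-a"], blocks["client-a"]))
```
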
