Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

NAT over VPN

Dear All

I have IPsec VPN running Two sites. VPN is working fine.we can access Both LAN.

i have one challange.I want LAN 10.1.1.x should  access 192.168.0.x lan VIA 192.168.0.1 IP only.

we have restriction 192.168.0.x LAN can be accessed VIA 192.168.0.1 IP

it can be NAT on 192.168.0.1 or any solution.

Please assist

VPN.png

Kind regards

Vikas kumar

Everyone's tags (3)
1 REPLY
Cisco Employee

NAT over VPN

HI Vikas ,

you can NAT the traffic , for example see the following :

1.0.0.0/8----VPN_GW1-----------L2L-------------VPN_GW2--------2.0.0.0/8

2.0.0.0 should be accessed only via this ip address :

11.11.11.11

you can configure the following NAT :

access-list policy-nat permit ip 1.0.0.0/8  2.0.0.0/8

nat (inside) 3 access-list policy-nat

global (outside) 3 11.11.11.11

changes needed to be done to the crypto acl also :

at GW1:

access-list crypto permit ip 11.11.11.11 255.255.255.255 2.0.0.0/8

at GW2 :

access-list crypto permit ip 2.0.0.0/8 host 11.11.11.11

hope that this will help you .

Mohammad.

763
Views
0
Helpful
1
Replies
CreatePlease to create content