Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

NAT some www site over VPN over IP address head office

Hi!

my company is use external web services with authentication client over IP address.

in central office A all work is good, but office B could not  connected to www resources, because it authenticate with wrong IP.

I need to set up the scheme in such a way that my B office connects to the IP address of the office with A.

Снимок.PNG

My 2 office connect over VPN and it work.

I've done

Config from  B commutator:

ip access-list extended NAT

deny   ip 192.168.40.0 0.0.0.255 host 91.221.163.26

deny   ip 192.168.40.0 0.0.0.255 10.1.135.0 0.0.0.255

deny   ip 192.168.40.0 0.0.0.255 10.1.1.0 0.0.0.255

permit ip 192.168.40.0 0.0.0.255 any

ip access-list extended vpn_to_hq

permit ip 192.168.40.0 0.0.0.255 10.1.135.0 0.0.0.255

permit ip 192.168.40.0 0.0.0.255 10.1.1.0 0.0.0.255

permit ip 192.168.40.0 0.0.0.255 host 91.221.163.15

Config from  A fw:

access-list Inside_ACL_for_NAT extended permit ip host 91.221.163.26 192.168.40.0 255.255.255.0

access-list From_inside_to_DMZ&outside.in extended permit tcp 192.168.40.0 255.255.255.0 any eq www

global (outside) 11 temp.server

nat (inside) 11 access-list Inside_ACL_for_NAT

-----------------

but the scheme is not work.

what i do wrong?

152
Views
0
Helpful
0
Replies
CreatePlease to create content