Ok here's the situation. I have an 871 that currently terminates 2 VPN tunnels to partners. I'm in the process of connecting to another partner which would bring the total count to 3. This 3rd partner is requiring me to NAT all the addresses on my network to a different subnet. I've never had to configure NAT through a VPN before and I can't seem to find any documentation on how to do this on Cisco's site. Does anybody have any input or advice?
This falls under policy NAT. I have done a similar scenario, but on an ASA firewall, where the other end of the tunnel expects that when the tunnel is established you appear to them with a pre-defined NAT pool of addresses already configured at their end, thus mapping that pre-defined pool to their destination hosts. Therefore, your side of the tunnel must be NATted to that pool before your source hosts can access the destination hosts.
This is an example on a PIX/ASA firewall:
Assume your source hosts prior to NAT are 10.10.10.0 and the destination host is 220.127.116.11 at the other side of the tunnel.
The NAT pool assigned to you is 18.104.22.168/24
access-list CLIENT-A-Tunnel permit ip 10.10.10.0 255.255.255.0 host 22.214.171.124
global (outside) ID# 126.96.36.199-188.8.131.52 netmask 255.255.255.0
nat (inside) ID# access-list CLIENT-A-Tunnel
But in IOS I have not seen a specific document like the above PIX/ASA example, but you could apply the example in the link below.
Not exactly, but similarly to the case where your network and the other side of the tunnel had duplicate local LAN addresses at each end, you will instead NAT, or hide if you will, your inside LAN before it hits the other end of the tunnel.
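An IOS sketch of the same policy NAT idea, added here as an example and not taken from either poster or from Cisco documentation. Everything except the 10.10.10.0/24 inside LAN is an assumption: the partner host 192.0.2.10, the partner-assigned pool 198.51.100.0/24, the peer 203.0.113.1, and the names PARTNER-C-*, INTERNET-NAT and VPN-MAP are constructed placeholders.

```cisco
! Constructed example for an 871 (Vlan1 = inside LAN, FastEthernet4 = WAN).
! Assumed to exist already, as for the two current tunnels: ISAKMP policy,
! a pre-shared key for the new peer, transform set PARTNER-C-TS, and a
! crypto map named VPN-MAP applied to the WAN interface.
!
! 1. Select only traffic bound for the new partner for translation.
ip access-list extended PARTNER-C-NAT
 permit ip 10.10.10.0 0.0.0.255 host 192.0.2.10
!
route-map PARTNER-C-NAT permit 10
 match ip address PARTNER-C-NAT
!
! 2. Translate that traffic into the pool the partner assigned.
ip nat pool PARTNER-C-POOL 198.51.100.1 198.51.100.254 netmask 255.255.255.0
ip nat inside source route-map PARTNER-C-NAT pool PARTNER-C-POOL
!
! 3. Keep partner-bound traffic out of the existing Internet PAT rule
!    (INTERNET-NAT is a hypothetical name for that rule's ACL).
ip access-list extended INTERNET-NAT
 deny   ip 10.10.10.0 0.0.0.255 host 192.0.2.10
 permit ip 10.10.10.0 0.0.0.255 any
!
! 4. Inside-to-outside NAT runs before IPsec, so the crypto ACL must
!    match the translated source, not 10.10.10.0/24.
ip access-list extended PARTNER-C-CRYPTO
 permit ip 198.51.100.0 0.0.0.255 host 192.0.2.10
!
crypto map VPN-MAP 30 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set PARTNER-C-TS
 match address PARTNER-C-CRYPTO
!
interface Vlan1
 ip nat inside
!
interface FastEthernet4
 ip nat outside
 crypto map VPN-MAP
```

After sending traffic to the partner host, `show ip nat translations` should list inside hosts mapped into the pool and `show crypto ipsec sa` should show the translated subnet as the local identity. A dynamic pool like this only supports sessions initiated from the inside LAN.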