Cisco Support Community

natted traffic over the ipsec tunnel

Hi,

We already have a working IPSec tunnel between us and the client. The issue is with one of the subnets that we need to access over the tunnel.

Both sides have one of the subnets in common (e.g. the 10.0.0.0/24 subnet is being used by the client as well as by us). We have one server that needs to reach one of the servers in the other subnet (10.12.0.0/24). But at the client end they are using a server which has the same addresses as our server.

We thought to do a NAT of the traffic going from our server towards the client subnet, but we already have a public IP NATed to that server here at our place.

Is there a way to do this?

thanks

satish

2 REPLIES

natted traffic over the ipsec tunnel

You will have to NAT the remote end server IP and they will have to NAT your server also. If I understand your question, if you have a server (for example) 10.0.0.1 and they have a server 10.0.0.1 and these 2 servers must talk to each other, then both sides have to use NAT. Otherwise, as the server sees it, it just talks to itself...


natted traffic over the ipsec tunnel

If you already have a static NAT on the server in question, you should be able to use the public IP you have NATed as interesting traffic for the tunnel. An example would be: if 10.1.1.1 is NATed to 1.1.1.1, you should be able to put 1.1.1.1 in your ACL as interesting traffic when going to the peer. Then when it needs to get to the other side, it uses the tunnel, but all other traffic works normally.

Something like this as far as ACL:

access-list Crytpo permit ip host 1.1.1.1 host 2.2.2.2

With 2.2.2.2 being the server on the other side that you have also publicly NATed. Then you would reverse it for the other side. Hopefully I have understood you correctly.
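
An added example, not part of either reply and not Cisco tooling: a Python check of a two-sided crypto ACL plan for the address overlap discussed in this thread. The function names and the `OURS`/`THEIRS` subnet lists are constructed for illustration; 1.1.1.1 and 2.2.2.2 are the example values from the reply above.

```python
import ipaddress
import re

# Host-to-host form used in the reply above ("extended" accepted as optional):
#   access-list <name> permit ip host <src> host <dst>
ACL_RE = re.compile(
    r"^access-list\s+\S+\s+(?:extended\s+)?permit\s+ip\s+host\s+(\S+)\s+host\s+(\S+)$"
)

def parse_acl(line):
    """Return (src, dst) addresses from one host-to-host crypto ACL line."""
    m = ACL_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported ACL line: {line!r}")
    return ipaddress.ip_address(m.group(1)), ipaddress.ip_address(m.group(2))

def check_tunnel_plan(acl_a, acl_b, inside_a, inside_b):
    """List problems in a two-sided plan. inside_*: real (pre-NAT) subnets."""
    src_a, dst_a = parse_acl(acl_a)
    src_b, dst_b = parse_acl(acl_b)
    problems = []
    # "Then you would reverse it for the other side."
    if (src_a, dst_a) != (dst_b, src_b):
        problems.append("crypto ACLs are not mirror images")
    # A destination inside the sender's own real subnets is delivered locally
    # and never reaches the tunnel: the server just talks to itself.
    for side, dst, nets in (("A", dst_a, inside_a), ("B", dst_b, inside_b)):
        for net in map(ipaddress.ip_network, nets):
            if dst in net:
                problems.append(f"side {side}: peer {dst} is inside local {net}")
    return problems

# Constructed sample: both sides use 10.0.0.0/24, as in the question.
OURS = ["10.0.0.0/24"]
THEIRS = ["10.0.0.0/24", "10.12.0.0/24"]

if __name__ == "__main__":
    plans = {
        "no NAT": ("access-list Crytpo permit ip host 10.0.0.1 host 10.0.0.1",) * 2,
        "both NATed": ("access-list Crytpo permit ip host 1.1.1.1 host 2.2.2.2",
                       "access-list Crytpo permit ip host 2.2.2.2 host 1.1.1.1"),
    }
    for name, (a, b) in plans.items():
        print(name, "->", check_tunnel_plan(a, b, OURS, THEIRS) or "ok")
```
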
