We already have a working IPSec tunnel between us and the client. The issue is with one of the subnets that we need to access over the tunnel.
Both sides have one of the subnets in common (e.g. the 10.0.0.0/24 subnet is being used by the client as well as by us). We have one server that needs to reach one of the servers in the other subnet (10.12.0.0/24). But at the client end they are using a server which has the same addresses as our server.
We thought of NATing the traffic going from our server towards the client subnet, but we already have a public IP NATed to that server here at our place.
You will have to NAT the remote end server IP and they will have to NAT your server also. If I understand your question, if you have a server (for example) 10.0.0.1 and they have a server 10.0.0.1 and these 2 servers must talk to each other, then both sides have to use NAT. Otherwise the server just sees that it is talking to itself...
If you already have a static NAT on the server in question, you should be able to use the public IP you have NATed as interesting traffic for the tunnel. Example would be if the 10.1.1.1 is NATed to 220.127.116.11, you should be able to put 18.104.22.168 in your ACL as interesting traffic when going to the peer. Then when it needs to get to the other side, it uses the tunnel, but all other traffic works normally.
Something like this as far as ACL:
access-list Crytpo permit ip host 22.214.171.124 host 126.96.36.199
With 188.8.131.52 being the server on the other side that you have also publicly NATed. Then you would reverse it for the other side. Hopefully I have understood you correctly.
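Added example, not part of the thread or any poster's configuration: a Python planning sketch that checks whether the two sites' subnets collide, applies a 1:1 NAT mapping on each side, and prints the interesting-traffic ACL line for each peer in the form quoted above. The function names and the mapped ranges (198.51.100.0/24 and 203.0.113.0/24, documentation ranges standing in for each side's real NAT addresses) are assumptions.

```python
import ipaddress

def overlap(local, remote):
    """Return the range both sites use, or None when the subnets do not collide."""
    a, b = ipaddress.ip_network(local), ipaddress.ip_network(remote)
    if not a.overlaps(b):
        return None
    return a if a.subnet_of(b) else b  # overlapping CIDR blocks always nest

def netmap(addr, real_net, mapped_net):
    """1:1 static NAT: keep the host offset, swap the network prefix."""
    real, mapped = ipaddress.ip_network(real_net), ipaddress.ip_network(mapped_net)
    ip = ipaddress.ip_address(addr)
    if real.prefixlen != mapped.prefixlen:
        raise ValueError("real and mapped ranges must be the same size")
    if ip not in real:
        raise ValueError(f"{ip} is not inside {real}")
    return mapped.network_address + (int(ip) - int(real.network_address))

def plan(our_host, their_host, shared, our_mapped, their_mapped, acl="Crytpo"):
    """Work out what each peer translates and which ACL line selects tunnel traffic."""
    shared_net = ipaddress.ip_network(shared)
    for m in (our_mapped, their_mapped):
        if ipaddress.ip_network(m).overlaps(shared_net):
            raise ValueError(f"mapped range {m} still collides with {shared}")
    if ipaddress.ip_network(our_mapped).overlaps(ipaddress.ip_network(their_mapped)):
        raise ValueError("the two mapped ranges must differ")
    ours = netmap(our_host, shared, our_mapped)        # how the peer sees our server
    theirs = netmap(their_host, shared, their_mapped)  # how we see their server
    line = "access-list {} permit ip host {} host {}"  # ACL form quoted in the thread
    return {
        "our_nat": (our_host, str(ours)),
        "their_nat": (their_host, str(theirs)),
        "our_acl": line.format(acl, ours, theirs),
        "their_acl": line.format(acl, theirs, ours),   # reversed on the far side
    }

if __name__ == "__main__":
    # Constructed sample: both sites use 10.0.0.0/24 and both servers are 10.0.0.1.
    print(overlap("10.0.0.0/24", "10.0.0.0/24"))
    for key, value in plan("10.0.0.1", "10.0.0.1", "10.0.0.0/24",
                           "198.51.100.0/24", "203.0.113.0/24").items():
        print(f"{key}: {value}")
```

Each side's ACL matches the translated addresses only, so traffic from the server to any other destination keeps using its existing NAT and path.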
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :