Solved: PAT after site-to-site VPN in Cisco IOS router

Kurt Lei · ‎06-26-2018

Hi All,

I have a design question about my client network.

Refer to the network diagram, originally, the traffic from Taiwan to Germany should flow between the MPLS network. However, the MPLS connection in Taiwan will discconect soon. So we need to find an alternative path on the connection between Taiwan and Germary.

In the alternative path design, Taiwan initiate the traffic and reach Hong kong via site-to-site VPN connection. The VPN router decrypted the traffic and perform PAT to a Hong Kong subnet IP immediately. Hong kong will route the traffic to Germany via MPLS network. For the return path, Germany will route back the Taiwan traffic to Hong Kong (NAT before). Hong Kong VPN router will reverse NAT and site-to-site VPN taiwan.

Actually, I'm not sure whether Cisco IOS router can perform PAT immediately after decrypted site-to-site VPN. And is it feasible solution on my design ? If not, is there any alternative design on it ? Thanks a lot.

Dennis Mink · ‎06-28-2018

I think this will work. Have you got the tunnel between Honkers and Taiwan already up?

Please remember to rate useful posts, by clicking on the stars below.

View solution in original post

Dennis Mink · ‎06-28-2018

I think this will work. Have you got the tunnel between Honkers and Taiwan already up?

Please remember to rate useful posts, by clicking on the stars below.

Kurt Lei · ‎06-29-2018

Hi Dennis,

Yes the VPN tunnel is already built from Hong Kong to TaiWan already.

Regards,

Kurt