Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Site to Site VPN: Static and Dynamic NAT

Overview of data flow. The other company is requiring us to nat to the 192.168.x.x addresses

- Outbound ftp traffic from any host to X needs to be natted to a single ip address

- SMTP traffic needs to flow both ways to a natted ip address (problem here is that our server will send email on 1 ip address and receive on another)

- Inbound ftp needs to go to a single natted ip address

Our ip's are 10.10.x.x and we will be natting to a 192.168.221.x address.

Two Static Nat's for inbound ftp and smtp traffic

Static (inside,outside) 192.168.221.241 10.10.x.y [This is for the inbound ftp]

Static (inside,outside) 192.168.221.242 10.10.x.x [ Inbound SMTP Traffic]

Dynamic Nat for Outbound FTP/SMTP

Access-list mynat permit ip 10.10.0.0 255.255.0.0 host x.y.z.1 (traffic to ftp)

access-list mynat permit ip 10.10.0.0 255.255.0.0 host x.y.z.2 (traffic to their smtp server)

Nat(inside) 4 access-list mynat

Global(outside) 4 192.168.221.243

Crypto Access-list

Access-list vpnacl permit ip 192.168.221.240 255.255.255.252 x.y.z.0 255.255.255.0

Crypto map mymap 10 match address vpnacl

Thanks

1 REPLY
Community Member

Re: Site to Site VPN: Static and Dynamic NAT

I forgot to ask if anyone could let me know if this would work and if it is the best way to do it.

Thanks

132
Views
0
Helpful
1
Replies
CreatePlease to create content