Source Address (NAT) L2L tunnel

rsherman · ‎01-05-2009

I am currently setting up a L2L tunnel, I need all traffic from my site to get translated to an address before it traverses the tunnel. All VPN traffic from my site will be coming only from one device.

Traffic internally will be coming from 192.168.0.99, I need this to get translated to 172.200.248.155 before it traverses the tunnel. I do not want this to affect internet traffic. I know on the ASA's you do policy NAT, but what procedure

do you following on an 1841 router?

I have attached the necessary pieces of the configuration.

Thanks in advance,

Roger

andrew.prince · ‎01-05-2009

AFAIK - there is no direct policy nat available, but you could try something. Try using a route map, with a nat statement using a pool of addresses - but the pool only have 1 address, something like:-

ip nat pool test1 x.x.x.x x.x.x.x netmask 255.255.255.255

ip nat inside source route-map test pool test1

access-list 101 permit ip host y.y.y.y host z.z.z.z

route-map test permit 10

match ip address 101

access-list 102 permit ip host x.x.x.x host z.z.z.z

crypto map vpntunnel

match address 102

x.x.x.x - translated IP address

y.y.y.y - original IP address

z.z.z.z - remote end IP address for VPN tunnel

HTH>