Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN and NAT

Is possible NAT a IP address , and the same time , make VPN with that address .

By sample , my customer donn?t want that the ip x.x.x.x was reached from the otre site ( through VPN ) , ELSE , he want that the IP address be know like y.y.y.y . And the y.y.y.y go in the crypto access-list and the nat (0) .

In PIX is possible to make that .

Regards

2 REPLIES
New Member

Re: VPN and NAT

You simply dont need to put a nat(0) entry for the vpn traffic. Create a 1to1 mapping and use the natted address in the access-list defining interested traffic.

eg

static (inside,outside) y.y.y.y x.x.x.x netmask 255.255.255.255 0 0

access-list 152 permit ip host y.y.y.y

crypto map testmap 52 ipsec-isakmp

crypto map testmap 52 match address 152

crypto map testmap 52 set peer

crypto map testmap 52 set transform-set

Thanks

Syed

New Member

Re: VPN and NAT

Hi,

If you use static nat as above, this x.x.x.x will not able to translate to any other ip address (real IP Address) for other destination.Instead of making static nat use the dynamic nat as below.

access-list 150 permit ip host x.x.x.x

static(inside,outside) y.y.y.y access-list 150

Thanks,

Mustafa

103
Views
0
Helpful
2
Replies