Cisco Support Community

VPN NoNAT on 2811

Hello,

I've had a SonicWALL to SonicWALL VPN up and running for a few years, with network 192.168.5.x at my office able to access 192.168.6.x and 192.168.70.x at my datacenter. Now the SonicWALL at my office needs to be replaced with a 2811, and I need to keep the VPN tunnel up and working.

My 2811 is currently doing NAT, and I have the VPN tunnel up, but no traffic is passing. I believe I've troubleshot it down to a NoNAT problem, and I don't know how to resolve it with ACLs, although I used to know how to do it on PIX.

What lines of code do I need to allow my office network (192.168.5.x) to access the datacenter network (192.168.6.x and 70.x)? There are currently no ACLs applied to the WAN interface at all, and I only have one static IP.

Accepted Solutions

Hi Eric,

! Traffic to the datacenter networks is denied here, so it is not translated
access-list 111 deny ip 192.168.5.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 111 deny ip 192.168.5.0 0.0.0.255 192.168.70.0 0.0.0.255
! Everything else from the office network is translated
access-list 111 permit ip 192.168.5.0 0.0.0.255 any
!
route-map nonat permit 10
 match ip address 111
!
ip nat inside source route-map nonat interface <WAN Interface> overload

 

So this means whatever is denied in the route-map ACL will be denied from NATing when it matches the specific rule, and it goes as it is.

 

Regards

Karthik
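
The first-match logic behind ACL 111 in the answer above, as an added example that is not part of the original thread and not Cisco code: a small Python model that reports whether a flow is translated or exempted from NAT, and flags deny lines that sit behind a covering permit. It handles only the `access-list N permit|deny ip ...` form with wildcard masks or `any`; the function names and the sample addresses used with it are assumptions.

```python
import ipaddress

# ACL 111 as posted in the answer above.
ACL_111 = """\
access-list 111 deny ip 192.168.5.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 111 deny ip 192.168.5.0 0.0.0.255 192.168.70.0 0.0.0.255
access-list 111 permit ip 192.168.5.0 0.0.0.255 any
"""
MASK = 0xFFFFFFFF

def _take_addr(tokens):
    """Consume 'any' or 'A.B.C.D WILDCARD'; return (base, care_bits) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    return int(ipaddress.IPv4Address(first)), ~wildcard & MASK  # wildcard 1-bits are "don't care"

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines, keeping their order."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[3] != "ip":
            continue  # only the extended 'ip' form used on this page is handled
        rest = tok[4:]
        entries.append((tok[2], _take_addr(rest), _take_addr(rest)))
    return entries

def _matches(addr, spec):
    base, care = spec
    return ((int(ipaddress.IPv4Address(addr)) ^ base) & care) == 0

def nat_decision(entries, src, dst):
    """First match wins; deny, or no match (implicit deny), leaves the packet untranslated."""
    for action, s, d in entries:
        if _matches(src, s) and _matches(dst, d):
            return "translate" if action == "permit" else "no-nat"
    return "no-nat"

def _covers(outer, inner):
    """True if every address matched by inner is also matched by outer."""
    return (outer[1] & inner[1]) == outer[1] and ((outer[0] ^ inner[0]) & outer[1]) == 0

def shadowed_denies(entries):
    """Indexes of deny entries that never match because an earlier permit covers them."""
    return [i for i, (action, s, d) in enumerate(entries)
            if action == "deny" and any(a == "permit" and _covers(ps, s) and _covers(pd, d)
                                        for a, ps, pd in entries[:i])]
```

If the permit line is moved above the deny lines, `shadowed_denies` reports both denies and the tunnel-bound traffic comes back as `translate`, which is the symptom described in the question.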
