Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
599
Views
0
Helpful
2
Replies

VPN with static nat for an entire subnet

Go to solution
hirasta
Level 1
Level 1

‎07-23-2012 02:01 PM

Hey there,

For some reason i cannot get this to work on the router. errrr.....

I am trying to config a static nat (many to one), that will take in effect only when traffic needs to go over our vpn tunnel to the remote location.

expample:

local Internal network 192.168.0.0

remote network: 10.10.10.0 and 10.10.15.0

when traffic goes over the vpn tunnel -  to the remote site, i need to translate my internal network (192.168.0.0) to a static ip address of 172.16.32.65

any ideas???

also on my crypto map ACL, what should be specified for interesting traffic?? my local network or the wanted static ip address?

Let me know your thought in the matter.

Regards,

R.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎07-23-2012 03:16 PM

The NAT you are describing is named PAT or overloading, at least in Ciscos words ...

What you need:

1) A NAT-ACL where you describe your traffic that should be natted.

2) A nat-pool with your address 172.16.32.65

3) A NAT-statement for inside dynamic NAT based on the ACL to the pool

Here are some examples:

http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iadnat_addr_consv_ps10591_TSD_Products_Configuration_Guide_Chapter.html#wp1073436

Your crypto ACL then referes to the NATted IP as NAT happens before encryption.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Karsten Iwen
VIP
VIP

‎07-23-2012 03:16 PM

The NAT you are describing is named PAT or overloading, at least in Ciscos words ...

What you need:

1) A NAT-ACL where you describe your traffic that should be natted.

2) A nat-pool with your address 172.16.32.65

3) A NAT-statement for inside dynamic NAT based on the ACL to the pool

Here are some examples:

http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iadnat_addr_consv_ps10591_TSD_Products_Configuration_Guide_Chapter.html#wp1073436

Your crypto ACL then referes to the NATted IP as NAT happens before encryption.

0 Helpful

Go to solution
hirasta
Level 1
Level 1
In response to Karsten Iwen

‎07-23-2012 04:12 PM

Beautifull, that did the trick.

Thanks you for the tips

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents