Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

VPN with static nat for an entire subnet

Hey there,

For some reason i cannot get this to work on the router. errrr.....

I am trying to config a static nat (many to one), that will take in effect only when traffic needs to go over our vpn tunnel to the remote location.

expample:

local Internal network 192.168.0.0

remote network: 10.10.10.0 and 10.10.15.0

when traffic goes over the vpn tunnel -  to the remote site, i need to translate my internal network (192.168.0.0) to a static ip address of 172.16.32.65

any ideas???

also on my crypto map ACL, what should be specified for interesting traffic?? my local network or the wanted static ip address?

Let me know your thought in the matter.

Regards,

R.

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
VIP Purple

VPN with static nat for an entire subnet

The NAT you are describing is named PAT or overloading, at least in Ciscos words ...

What you need:

1) A NAT-ACL where you describe your traffic that should be natted.

2) A nat-pool with your address 172.16.32.65

3) A NAT-statement for inside dynamic NAT based on the ACL to the pool

Here are some examples:

http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iadnat_addr_consv_ps10591_TSD_Products_Configuration_Guide_Chapter.html#wp1073436

Your crypto ACL then referes to the NATted IP as NAT happens before encryption.

2 REPLIES
VIP Purple

VPN with static nat for an entire subnet

The NAT you are describing is named PAT or overloading, at least in Ciscos words ...

What you need:

1) A NAT-ACL where you describe your traffic that should be natted.

2) A nat-pool with your address 172.16.32.65

3) A NAT-statement for inside dynamic NAT based on the ACL to the pool

Here are some examples:

http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iadnat_addr_consv_ps10591_TSD_Products_Configuration_Guide_Chapter.html#wp1073436

Your crypto ACL then referes to the NATted IP as NAT happens before encryption.

Community Member

VPN with static nat for an entire subnet

Beautifull, that did the trick.

Thanks you for the tips

340
Views
0
Helpful
2
Replies
CreatePlease to create content