Cisco IOS - Destination NAT within VPN tunnel to PIX/ASA
I am trying to configure a remote worker setup where users can be given a router which they connect to their home DSL network, which will then get an address by DHCP from their router and then create a point to point VPN back to an ASA or PIX at the HQ office. This is made more complex by the fact that the HQ LAN uses 192.168.1.0/24, as do most home DSL routers. The home worker router also needs to do DHCP on its internal interfaces and dynamic NAT, so that internal machines can still access the Internet outside of the tunnel.
The network map looks like this:
I have successfully set up a dynamic VPN on the HQ PIX which allows the router to create a tunnel, and this works fine when connected to a DSL router with internal address range of 192.168.100.0/24, i.e. not overlapping with the HQ LAN.
I assume I need to do destination NAT on the home worker router and un-NAT on the PIX, but I cannot work out how to do this.