Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NAT on lab


I have a VPN lab setup between 2 routers into a vlan to act like a VPN:

Router 1 FE > Switch with Internet VLAN < Router 2 FE

The routers only have 1 FE port each, so these act as their external interface, each router has a loopback interface to act as their local LAN.

Now I want to assume that both LAN's (loopbacks) use the same IP range, I would like one of the routers to NAT so each LAN can communicate so one of the LAN's uses a completely different IP range. How can I do this? I assume I will need another device to provide the NATing?

  • WAN Routing and Switching
New Member

Re: NAT on lab

It's not clear to me what exactly u want to do ??? is it that u want to configure a site to site vpn on both routers.

Also u will not need another device to do NAT

New Member

Re: NAT on lab


As mention "I have a VPN lab setup between 2 routers" sorry if this wasn't clear.

Anyway I have a VPN lab setup and now want to assume that one of the sites IP ranges (on the loopback) is now the same range as the other site (also on the loopback), I want to NAT one site so they can ping each other.

I've created VPN's before between companies but have yet to have it where my LAN's IP clashes with a remote site/company but it will happen, so I need to practice this.

My 2 routers only have 1 FE each which go into the "internet" vlan on the switch, I have created a loopback on each for the LAN of each site.

New Member

Re: NAT on lab

Hello James,

This can be possible creating a ipsec vpn when both sites have their local lan ip address in the same subnet. Have a look at the link.



Re: NAT on lab

i am not sure 100%

but as static nat processed first

make static nat for one of ur internal LANs

which translat the entire subnet

then make nat exmption for the nated address

and make the source of ur crypto ACL the nat address

good luck

This widget could not be displayed.