Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
260
Views
0
Helpful
1
Replies

source nat a vpn pool to different subnet to circumvent add a route

erwee1973
Level 1
Level 1

‎03-24-2014 12:53 AM - edited ‎03-04-2019 10:38 PM

Hello all,

I am not really familar with Cisco 1800 series router, especially the natting part.

I have a customer with a voice and office vlan and a ipvpn to a different branch office. The ipvpn router (managed by Vodafone) connects the two sites and is gateway for both vlans.

There is also an internet router for internet connectivity. On that router there is vpn configured, vpn clients can only reach the office vlan.

I have to give a vpn host connectivity to voice vlan and since the vpn subnet is not known on the vodafone router I want to use NAT.

How do I configure vpn traffic to the voice vlan, to be natted first to the office vlan interface of the internet router so that the voice server can send traffic back to the vpn client?

I have attached a simple drawing that hopefully clearifies the situation.

Any help is really appreciated!

 

Kind regards,

Ralph Willemsen

Arnhem, Netherlands

Labels:
Preview file
90 KB
0 Helpful
1 Reply 1

svansteensel
Level 1
Level 1

‎03-24-2014 05:32 AM

Hi Ralph,

I think the most simple solution is to use the interface adres of the internal LAN for PAT/NAT overload.

First you create an ACL to match the traffic that you want to NAT, and especcialy the traffic that you dont want to NAT:

access-list 102 permit   ip <vpn range> <vpn mask> <voip lan> <voip mask>
access-list 102 deny ip any any

next you define a route-map to later use for your NAT config:

route-map nonat permit 10
 match ip address 102

the apply the NAT rule:

ip nat inside source route-map nonat interface <internal LAN eth> overload

next set NAT to the interfaces:

interface <outside interface>

 ip nat inside

 

interface <internal LAN>

 ip nat outside

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card