Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

source nat a vpn pool to different subnet to circumvent add a route

Hello all,

I am not really familar with Cisco 1800 series router, especially the natting part.

I have a customer with a voice and office vlan and a ipvpn to a different branch office. The ipvpn router (managed by Vodafone) connects the two sites and is gateway for both vlans.

There is also an internet router for internet connectivity. On that router there is vpn configured, vpn clients can only reach the office vlan.

I have to give a vpn host connectivity to voice vlan and since the vpn subnet is not known on the vodafone router I want to use NAT.

How do I configure vpn traffic to the voice vlan, to be natted first to the office vlan interface of the internet router so that the voice server can send traffic back to the vpn client?

I have attached a simple drawing that hopefully clearifies the situation.

Any help is really appreciated!


Kind regards,

Ralph Willemsen

Arnhem, Netherlands

New Member

Hi Ralph,I think the most

Hi Ralph,

I think the most simple solution is to use the interface adres of the internal LAN for PAT/NAT overload.

First you create an ACL to match the traffic that you want to NAT, and especcialy the traffic that you dont want to NAT:

access-list 102 permit   ip <vpn range> <vpn mask> <voip lan> <voip mask>
access-list 102 deny ip any any

next you define a route-map to later use for your NAT config:

route-map nonat permit 10
 match ip address 102

the apply the NAT rule:

ip nat inside source route-map nonat interface <internal LAN eth> overload

next set NAT to the interfaces:

interface <outside interface>

 ip nat inside


interface <internal LAN>

 ip nat outside


CreatePlease to create content