03-24-2014 12:53 AM - edited 03-04-2019 10:38 PM
Hello all,
I am not really familiar with the Cisco 1800 series router, especially the natting part.
I have a customer with a voice and office vlan and an ipvpn to a different branch office. The ipvpn router (managed by Vodafone) connects the two sites and is gateway for both vlans.
There is also an internet router for internet connectivity. On that router there is vpn configured, vpn clients can only reach the office vlan.
I have to give a vpn host connectivity to the voice vlan, and since the vpn subnet is not known on the Vodafone router I want to use NAT.
How do I configure vpn traffic to the voice vlan, to be natted first to the office vlan interface of the internet router so that the voice server can send traffic back to the vpn client?
I have attached a simple drawing that hopefully clarifies the situation.
Any help is really appreciated!
Kind regards,
Ralph Willemsen
Arnhem, Netherlands
03-24-2014 05:32 AM
Hi Ralph,
I think the simplest solution is to use the interface address of the internal LAN for PAT/NAT overload.
First you create an ACL to match the traffic that you want to NAT, and especially the traffic that you don't want to NAT:
access-list 102 permit ip <vpn range> <vpn mask> <voip lan> <voip mask>
access-list 102 deny ip any any
Next you define a route-map to later use for your NAT config:
route-map nonat permit 10
 match ip address 102
Then apply the NAT rule:
ip nat inside source route-map nonat interface <internal LAN eth> overload
Next set NAT on the interfaces:
interface <outside interface>
 ip nat inside
interface <internal LAN>
 ip nat outside
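Added example, not part of the original reply: a small Python check of which flows ACL 102 above would select for NAT. It renders the ACL with IOS wildcard (inverted) masks and evaluates it first-match. The subnets 10.99.0.0/24 (VPN), 192.168.20.0/24 (voice) and 192.168.10.0/24 (office) are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

def wildcard(net):
    """IOS extended ACLs take a wildcard (inverted) mask, not a subnet mask."""
    return str(net.hostmask)

def render_acl(acl_id, vpn, voice):
    """Render the two ACL lines from the reply for concrete networks."""
    return [
        f"access-list {acl_id} permit ip {vpn.network_address} {wildcard(vpn)} "
        f"{voice.network_address} {wildcard(voice)}",
        f"access-list {acl_id} deny ip any any",
    ]

def parse_field(tokens):
    """Consume one address field: 'any' or '<addr> <wildcard>'."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    addr = int(ipaddress.IPv4Address(tokens[0]))
    wild = int(ipaddress.IPv4Address(tokens[1]))
    return (addr, wild), tokens[2:]

def matches(field, ip):
    addr, wild = field
    care = ~wild & 0xFFFFFFFF          # bits set in the wildcard are ignored
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)

def is_natted(acl_lines, src, dst):
    """First-match evaluation; permit means the route-map selects the flow for NAT."""
    for line in acl_lines:
        tokens = line.split()
        action, rest = tokens[2], tokens[4:]   # skip 'access-list <id> <action> ip'
        src_f, rest = parse_field(rest)
        dst_f, _ = parse_field(rest)
        if matches(src_f, src) and matches(dst_f, dst):
            return action == "permit"
    return False  # implicit deny at the end of every IOS ACL

# Constructed sample addressing (not from the thread)
VPN = ipaddress.ip_network("10.99.0.0/24")
VOICE = ipaddress.ip_network("192.168.20.0/24")
ACL = render_acl(102, VPN, VOICE)

if __name__ == "__main__":
    print("\n".join(ACL))
    for src, dst in [("10.99.0.15", "192.168.20.10"),     # VPN client -> voice server
                     ("10.99.0.15", "192.168.10.5"),      # VPN client -> office host
                     ("192.168.10.5", "192.168.20.10")]:  # office host -> voice server
        print(src, "->", dst, "NAT" if is_natted(ACL, src, dst) else "no NAT")
```

Only the VPN-to-voice flow is translated; VPN-to-office and office-to-voice traffic fall through to the deny line and pass untranslated.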