Krasten,

Mohammad Zubair · ‎12-16-2016

Hello,

1)As client Requirement is remote access VPN , should communicate with Site to site VPN .

2)Can i NAT remote access VPN subnet with Inside LAN ip.

Thanks,

zubair mohammad.

Karsten Iwen · ‎12-16-2016

Yes, that can be done. But it would make your setup more complex. If possible I would ad the RA-pool to the S2S-crypto-definition to let the clients communicate transparently.

Mohammad Zubair · ‎12-16-2016

Hello Karsten,

Thanks for prompt reply.

Yes i have suggest to client that if we added RA-Pool in site to site vpn then remote vpn user will communicate to site to site .

But as they required to do RA-Pool to lan ip .can you please suggest the how to do the configuration

LAN Inside Network:10.0.0.0/24 and Client VPN RA-Pool:172.20.1.0/24 .

How to do PAT on this scenario.

Thanks,

zubair Mohammad.

Karsten Iwen · ‎12-16-2016

You need something like the following. The source is PATed when a VPN-User tries to reach a S2S-destination:

object network REMOTE
 subnet THE-REMOTE-VPN-NET
object network POOL
 subnet 172.20.1.0 255.255.255.0
object network PAT-IP
 host 10.0.0.x
!
nat (outside,outside) source dynamic POOL PAT-IP destination static REMOTE REMOTE

Mohammad Zubair · ‎12-16-2016

Krasten,

Thanks Lot for your help ...

i will try this let you the status .

Thanks,

zubair mohammad.

Cisco Client VPN can i NAT with Inside Lan ip.