04-04-2005 07:03 AM - edited 02-21-2020 12:03 AM
Hello everybody,
can someone help with this configuration:
10.5.0.0 is used on both the VPN1 and VPN2 side. Therefore I need to NAT special traffic on Router B.
Example: using 10.254.0.11 as a dummy to go to 10.5.0.11 by VPN-Tunnel-2
Router B should NAT back from 10.254. to 10.5. and this only for traffic from and to 80.x.x.x
********
ROUTER A
********
crypto map my_cry 19 ipsec-isakmp
 set peer 80.z.z.z
 ...
 match address VPN1
ip access-list extended VPN1
 permit ip host 80.x.x.x 10.0.0.0 0.31.255.255
!
crypto map my_cry 20 ipsec-isakmp
 set peer 80.y.y.y
 ...
 match address VPN2
!
ip access-list extended VPN2
 permit ip host 80.x.x.x 10.254.0.0 0.0.1.255
!
********
ROUTER B
********
!
crypto map my_cry 20 ipsec-isakmp
 set peer 80.x.x.x
 ...
 match address VPN1
!
ip access-list extended VPN1
 permit ip 10.254.0.0 0.0.1.255 host 80.x.x.x
!
ip access-list extended NO-NAT
 deny ip 10.5.0.0 0.0.1.255 10.5.200.0 0.0.0.255 ... other VPN LAN-LAN connect's
 deny ip 10.5.0.0 0.0.1.255 host 80.x.x.x
 permit ip 10.5.0.0 0.0.255.255 any
!
ip access-list extended NET-MAP
 permit ip 10.5.0.0 0.0.1.255 host 80.x.x.x
 deny ip any any
!
route-map RMAP permit 1
 match ip address NO-NAT
!
route-map NET-RMAP permit 10
 match ip address NET-MAP
!
ip nat inside source route-map RMAP interface FastEthernet0/1 overload
ip nat inside source static network 10.5.0.0 10.254.0.0 /23 route-map NET-RMAP no-alias
!
Example close to (based on):
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800b07ed.shtml
I can see incoming traffic in "sh nat tr" but it translates from 10.254.0.11 to 10.5.0.0 ...
Thanks, Robert
04-08-2005 06:50 AM
I think this could be an error in configuring the IP address. You need to check every IP address and verify if that is what you wanted to assign...
04-08-2005 07:24 AM
At the moment I have inserted the following statements:
ip nat inside source static 10.5.0.11 10.254.0.11 route-map NET-RMAP extendable
ip nat inside source static 10.5.1.2 10.254.1.2 route-map NET-RMAP extendable
ip nat inside source static 10.5.1.3 10.254.1.3 route-map NET-RMAP extendable
and so on for the important connections.
But that cannot be a solution ..... I hope there is a better way to map a 23 bit class fully as in each line...
Robert
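Added example, not part of any post in this thread and not Cisco's own tooling: a small Python script that computes the host-bit-preserving 1:1 mapping between 10.5.0.0/23 and 10.254.0.0/23, generates the per-host statements in the form shown in the last post for the whole range, and checks an observed translation against the expected one. The function names are hypothetical; the networks, route-map name and command form are taken from the thread.

```python
import ipaddress

# Values taken from the thread: the real LAN behind Router B and the dummy
# range Router A uses to reach it through VPN tunnel 2.
INSIDE_NET = ipaddress.ip_network("10.5.0.0/23")
DUMMY_NET = ipaddress.ip_network("10.254.0.0/23")


def map_address(addr, src_net, dst_net):
    """Swap the network prefix and keep the host bits (1:1 network NAT)."""
    addr = ipaddress.ip_address(addr)
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("prefix lengths must match for a 1:1 mapping")
    if addr not in src_net:
        raise ValueError(f"{addr} is not inside {src_net}")
    host_bits = int(addr) & int(src_net.hostmask)
    return ipaddress.ip_address(int(dst_net.network_address) | host_bits)


def static_nat_lines(inside_net, dummy_net, route_map="NET-RMAP"):
    """One per-host statement, in the form used in the thread, per usable host."""
    return [
        f"ip nat inside source static {host} "
        f"{map_address(host, inside_net, dummy_net)} "
        f"route-map {route_map} extendable"
        for host in inside_net.hosts()
    ]


def check_translation(outside_dst, observed_inside):
    """Compare an observed translation with what a 1:1 mapping should give."""
    expected = map_address(outside_dst, DUMMY_NET, INSIDE_NET)
    return expected, ipaddress.ip_address(observed_inside) == expected


if __name__ == "__main__":
    lines = static_nat_lines(INSIDE_NET, DUMMY_NET)
    print(f"{len(lines)} statements, first: {lines[0]}")
    # Symptom from the first post: 10.254.0.11 was translated to 10.5.0.0
    print(check_translation("10.254.0.11", "10.5.0.0"))
```

The generated list can be diffed against the router's static entries to confirm that every host in the /23 is covered and that each dummy address maps to the host with the same low 9 bits.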