Nat Help

Locayta123
Level 1

Hi there.

I've had a request that I'd like to run past the group, as I'm confused about how this may look / work.

A client has asked us to set up a VPN to their office but only allow the connection from one internal IP. Users would have to access this remote network from multiple workstations but must route via this one IP.

Creating the VPN and configuring the Source and Destination within IPSec Rules sounds OK, but how would I route my office VLAN via this one IP that has been allocated for this connection?

2 Replies

Julio Carvajal
VIP Alumni

Hello Jamie.

What version are you running?

Let's say you are running 8.4.

So all you need to implement is that all your network, when you want to access the other office via the VPN tunnel, should get NATted to one IP address. That being the case, here is what you need:

object network Local_Lan

 subnet 192.168.12.0 255.255.255.0

object network Remote_Office_Lan

 subnet 172.16.0.0 255.255.0.0

object network Natted_IP_L2L

 host 172.16.15.2

So the NAT would look like this:

nat (inside,outside) source static Local_Lan Natted_IP_L2L destination static Remote_Office_Lan Remote_Office_Lan

On the crypto ACL for the site to site tunnel you also need to match that traffic:

access-list crypto_acl permit ip host 172.16.15.2 172.16.0.0 255.255.0.0

Regards,

Do rate all the helpful posts!!

Julio

Security Engineer

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
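
An offline check for the point made in the reply above, that the crypto ACL has to match the translated address rather than the real LAN. This is an added example, not part of the original thread and not Cisco tooling; the function names are hypothetical and the parser only handles the few command forms shown in the reply.

```python
import ipaddress
import re
# Configuration from the reply above (ASA 8.3+ object and twice-NAT syntax).
CONFIG = """\
object network Local_Lan
 subnet 192.168.12.0 255.255.255.0
object network Remote_Office_Lan
 subnet 172.16.0.0 255.255.0.0
object network Natted_IP_L2L
 host 172.16.15.2
nat (inside,outside) source static Local_Lan Natted_IP_L2L destination static Remote_Office_Lan Remote_Office_Lan
access-list crypto_acl permit ip host 172.16.15.2 172.16.0.0 255.255.0.0
"""

def parse_objects(cfg):
    """Map each 'object network' name to an ipaddress network."""
    objs, name = {}, None
    for tok in (line.split() for line in cfg.splitlines()):
        if tok[:2] == ["object", "network"]:
            name = tok[2]
        elif name and tok[:1] == ["host"]:
            objs[name] = ipaddress.ip_network(tok[1] + "/32")
        elif name and tok[:1] == ["subnet"]:
            objs[name] = ipaddress.ip_network(f"{tok[1]}/{tok[2]}")
    return objs

def take_addr(tok):
    """Consume 'host A', 'any' or 'A MASK' from the front of an ACL token list."""
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def check_crypto_acl(cfg, acl="crypto_acl"):
    """Return findings where the crypto ACL does not match the post-NAT flow."""
    objs = parse_objects(cfg)
    nat = re.search(r"^nat \(\S+\) source \S+ (\S+) (\S+) destination static \S+ (\S+)", cfg, re.M)
    real, mapped, remote = (objs[n] for n in nat.groups())
    findings, covered = [], False
    for tok in (line.split() for line in cfg.splitlines()):
        if tok[:3] != ["access-list", acl, "permit"]:
            continue
        src, rest = take_addr(tok[tok.index("ip") + 1:])
        dst, _ = take_addr(rest)
        if src.overlaps(real) and not mapped.subnet_of(src):
            findings.append(f"source {src} is the pre-NAT LAN; the tunnel sees {mapped}")
        covered |= mapped.subnet_of(src) and remote.subnet_of(dst)
    if not covered:
        findings.append(f"no entry permits {mapped} -> {remote}")
    return findings
```

`check_crypto_acl(CONFIG)` returns an empty list for the configuration as posted; an ACL written against 192.168.12.0/24 instead of the translated host is reported.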

Hi Julio.

Just to confirm, as I understand it from the request I have been given:

My office LAN: Local_LAN 172.16.101.0/24

My assigned static off IP: Natted_IP 172.16.101.250

Remote network: Remote_LAN 10.71.130.19

I will be accessing Remote_LAN from Local_LAN via Natted_IP

nat (inside,outside) source static Local_LAN Natted_IP destination static Remote_LAN Remote_LAN

access-list crypto_acl permit ip host 172.16.101.250 host 10.71.130.19

I was looking at adding this via ASDM. I presume the NAT rule is a static NAT rule. I'm unsure how to add this for my office LAN side.
