Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
907
Views
0
Helpful
3
Replies

PAT over site to site VPN tunnel

carl_townshend
Spotlight
Spotlight

‎10-23-2018 09:02 AM - edited ‎02-21-2020 08:23 AM

Hi All

 

Just a quick sanity check, basically the requirement is that we NAT all our traffic to 1 ip address when going over the vpn tunnel.

The VPN is built on a natted source network of 192.168.1.0/27 , I have set a NAT rule to dynamically NAT all 10.0.0.0/16 traffic coming into the firewall to 192.168.1.1

So does the NAT happen before the crypto map, I cannot bring up the tunnel for some reason.

Any ideas why ?

cheers

0 Helpful
3 Replies 3

Angel_Inglese
Level 1
Level 1

‎10-23-2018 09:52 AM

Hi there!

Yes, the NAT happens before the encryption, and you should have your Natted segments in the VPN,

so, if your LAN is 10.0.0.0/16 and it is Natting into a subnet 192.168.1.0/24 as a source, then you should add the 192.168.1.0/24 subnet to the crypto map and it should establish the tunnel,

regards,

**please, consider rating helpful or as a solution, thank you**
0 Helpful

Angel_Inglese
Level 1
Level 1

‎10-23-2018 09:54 AM

please, consider adding more information such as log messages (erasing the critical information such as IP addresses or URL)
0 Helpful

carl_townshend
Spotlight
Spotlight
In response to Angel_Inglese

‎10-24-2018 07:40 AM

Hi

Don't worry, all is working, issue was at the partner side

cheers

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card