mihai.vasc
Beginner

Bidirectional NAT site to site vpn

Hi guys,

I have the following scenario: Site to Site VPN with NAT configured on a local Cisco router like below (remote network not managed by me)

Outgoing VPN traffic is overload NAT-ed

ip nat pool NAT_POOL 10.62.15.67 10.62.15.68 netmask 255.255.255.240

ip nat inside source list ACL_NAT_OUT pool NAT_POOL overload

ip access-list ext ACL_NAT_OUT

permit ip 10.1.48.0 0.0.0.255 10.141.165.0 0.0.0.255

 

Incoming traffic for local host 10.1.48.37 is NAT-ed like

ip nat inside source static 10.1.48.37 10.62.15.83 route-map RM_NAT_STATIC extendable reversible

 

ip access-list ext ACL_NAT_STATIC

 permit ip host 10.1.48.37 10.141.165.0 0.0.0.255

 

route-map RM_NAT_STATIC permit 10
 match ip address ACL_NAT_STATIC

 

Once I configure the incoming one to one NAT, the outbound traffic from local host 10.1.48.37 to remote host 10.141.165.22 is not working anymore.

Can you please tell me what is wrong?

Thanks

2 REPLIES
paul driver
VIP Mentor

Hello,
Not quite sure what you are trying to accomplish here. You mention bi-directional NAT and show a static NAT route-map statement, which is based on source/destination traffic flow, which probably isn't necessary, as by default any static NAT/PAT statements are bi-directional anyway. However, what is incorrect is the inside global addressing allocated for the static NAT - 10.62.15.83, which isn't in the same subnet as the inside global addressing of the NAT pool - 10.62.15.64/28.

So if you are wanting to use 10.62.15.83 then it needs to be reachable externally to your rtr.



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
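
The subnet comparison from the reply above, as an added example (not part of the original thread and not Cisco tooling): a Python script that parses the NAT lines from the question and flags any static inside global address that falls outside the subnet implied by a NAT pool's start address and netmask. The function names and the embedded sample config are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the NAT lines quoted in the question.
SAMPLE_CONFIG = """\
ip nat pool NAT_POOL 10.62.15.67 10.62.15.68 netmask 255.255.255.240
ip nat inside source list ACL_NAT_OUT pool NAT_POOL overload
ip nat inside source static 10.1.48.37 10.62.15.83 route-map RM_NAT_STATIC extendable reversible
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
POOL_RE = re.compile(rf"^\s*ip nat pool (\S+) {IP} {IP} netmask {IP}", re.M)
# Only the plain "static <local> <global>" form is handled, not port-based statics.
STATIC_RE = re.compile(rf"^\s*ip nat inside source static {IP} {IP}", re.M)


def pool_networks(config):
    """Map each NAT pool name to the subnet implied by its start address and netmask."""
    nets = {}
    for name, start, end, mask in POOL_RE.findall(config):
        # strict=False lets a host address (10.62.15.67) resolve to its network.
        net = ipaddress.ip_network(f"{start}/{mask}", strict=False)
        if ipaddress.ip_address(end) not in net:
            raise ValueError(f"pool {name}: end address {end} is outside {net}")
        nets[name] = net
    return nets


def static_globals_outside_pools(config):
    """Return (inside_local, inside_global, pool_subnets) for each static
    entry whose inside global address is in none of the pool subnets."""
    nets = list(pool_networks(config).values())
    findings = []
    for local, glob in STATIC_RE.findall(config):
        if not any(ipaddress.ip_address(glob) in net for net in nets):
            findings.append((local, glob, [str(n) for n in nets]))
    return findings


if __name__ == "__main__":
    for local, glob, nets in static_globals_outside_pools(SAMPLE_CONFIG):
        print(f"static NAT {local} -> {glob}: not in pool subnet(s) {', '.join(nets)}")
```

A finding here is only a prompt to confirm that the remote side routes the flagged address toward the router and includes it in the VPN's interesting traffic; it does not by itself prove the address is unreachable.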
MHM Cisco World
Collaborator

Please draw what you want, if you can?