04-19-2021 08:37 AM
Hi guys,
I have the following scenario: site-to-site VPN with NAT configured on the local Cisco router like below (the remote network is not managed by me).
Outgoing VPN traffic is overload NAT-ed:
ip nat pool NAT_POOL 10.62.15.67 10.62.15.68 netmask 255.255.255.240
ip nat inside source list ACL_NAT_OUT pool NAT_POOL overload
ip access-list ext ACL_NAT_OUT
permit ip 10.1.48.0 0.0.0.255 10.141.165.0 0.0.0.255
Incoming traffic for local host 10.1.48.37 is NAT-ed like this:
ip nat inside source static 10.1.48.37 10.62.15.83 route-map RM_NAT_STATIC extendable reversible
ip access-list ext ACL_NAT_STATIC
permit ip host 10.1.48.37 10.141.165.0 0.0.0.255
route-map RM_NAT_STATIC permit 10
match ip address ACL_NAT_STATIC
Once I configure the incoming one to one NAT, the outbound traffic from local host 10.1.48.37 to remote host 10.141.165.22 is not working anymore.
Can you please tell me what is wrong?
Thanks
04-19-2021 03:02 PM - edited 04-19-2021 11:17 PM
Hello
Not quite sure what you are trying to accomplish here. You mention bi-directional NAT and show a static NAT route-map statement, which is based on source/destination traffic flow. That probably isn't necessary, as by default any static NAT/PAT statements are bi-directional anyway. However, what is incorrect is the inside global address allocated for the static NAT, 10.62.15.83, which isn't in the same subnet as the inside global addressing of the NAT pool, 10.62.15.64/28.
So if you are wanting to use 10.62.15.83 then it needs to be reachable externally to your router.
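The two checks a reviewer would run against the configuration quoted above, written here as an added Python example (not from this thread or from Cisco): does the static inside-global address fall inside the subnet the pool's netmask defines, and which inside-source rules claim the 10.1.48.37 to 10.141.165.22 flow. The pool, static entry and ACLs are transcribed from the original post; the rule that a static translation takes precedence over a dynamic one when both match is standard IOS NAT behaviour, and the flow 10.1.48.50 to 10.141.165.22 is a constructed comparison host. The ACL matcher assumes contiguous wildcard masks only.

```python
import ipaddress

# Transcribed from the config quoted in the thread (not the router's live state).
NAT_POOL = {"start": "10.62.15.67", "end": "10.62.15.68", "netmask": "255.255.255.240"}
STATIC_NAT = {"inside_local": "10.1.48.37", "inside_global": "10.62.15.83"}
# Extended ACL entries as (source, source-wildcard, destination, destination-wildcard).
ACL_NAT_OUT = [("10.1.48.0", "0.0.0.255", "10.141.165.0", "0.0.0.255")]
ACL_NAT_STATIC = [("10.1.48.37", "0.0.0.0", "10.141.165.0", "0.0.0.255")]


def wildcard_to_network(addr, wildcard):
    """Turn an IOS address/wildcard pair into a network (assumes a contiguous wildcard)."""
    mask_int = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    netmask = str(ipaddress.IPv4Address(mask_int))
    return ipaddress.IPv4Network((addr, netmask), strict=False)


def acl_permits(acl, src, dst):
    """True if any entry of the extended ACL matches the src/dst pair."""
    src_ip, dst_ip = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    return any(
        src_ip in wildcard_to_network(s, sw) and dst_ip in wildcard_to_network(d, dw)
        for s, sw, d, dw in acl
    )


def pool_subnet():
    """Subnet that the pool's netmask places the pool addresses in (10.62.15.64/28 here)."""
    return ipaddress.IPv4Network((NAT_POOL["start"], NAT_POOL["netmask"]), strict=False)


def static_global_in_pool_subnet():
    """The check from the reply above: is the static inside-global inside the pool's subnet?"""
    return ipaddress.IPv4Address(STATIC_NAT["inside_global"]) in pool_subnet()


def matching_rules(src, dst):
    """Inside-source rules that claim this flow, static listed first because IOS prefers it."""
    rules = []
    if src == STATIC_NAT["inside_local"] and acl_permits(ACL_NAT_STATIC, src, dst):
        rules.append("static")
    if acl_permits(ACL_NAT_OUT, src, dst):
        rules.append("dynamic")
    return rules


def expected_inside_global(src, dst):
    """Address the source will appear as after translation, or None if left untranslated."""
    rules = matching_rules(src, dst)
    if "static" in rules:
        return STATIC_NAT["inside_global"]
    if "dynamic" in rules:
        return f'{NAT_POOL["start"]}-{NAT_POOL["end"]} (overload)'
    return None


if __name__ == "__main__":
    print("pool subnet:", pool_subnet())
    print("static inside-global in pool subnet:", static_global_in_pool_subnet())
    for host in ("10.1.48.37", "10.1.48.50"):  # second host is a constructed comparison
        print(host, "-> 10.141.165.22:", matching_rules(host, "10.141.165.22"),
              expected_inside_global(host, "10.141.165.22"))
```

Running it shows that both rules match the 10.1.48.37 flow, so once the static entry exists that host leaves as 10.62.15.83 rather than from the pool, while other hosts in 10.1.48.0/24 still use 10.62.15.67-68; whether 10.62.15.83 is routed and permitted on the remote side is therefore the thing to confirm with the remote administrator.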
04-19-2021 06:04 PM
Please draw what you want, if you can.