Bidirectional NAT site to site vpn

mihai.vasc
Level 1

Hi guys,

I have the following scenario: site-to-site VPN with NAT configured on the local Cisco router as shown below (the remote network is not managed by me).

Outgoing VPN traffic is overload NAT-ed:

ip nat pool NAT_POOL 10.62.15.67 10.62.15.68 netmask 255.255.255.240
ip nat inside source list ACL_NAT_OUT pool NAT_POOL overload
ip access-list ext ACL_NAT_OUT
 permit ip 10.1.48.0 0.0.0.255 10.141.165.0 0.0.0.255

Incoming traffic for local host 10.1.48.37 is NAT-ed like this:

ip nat inside source static 10.1.48.37 10.62.15.83 route-map RM_NAT_STATIC extendable reversible
ip access-list ext ACL_NAT_STATIC
 permit ip host 10.1.48.37 10.141.165.0 0.0.0.255
route-map RM_NAT_STATIC permit 10
 match ip address ACL_NAT_STATIC

Once I configure the incoming one-to-one NAT, the outbound traffic from local host 10.1.48.37 to remote host 10.141.165.22 no longer works.

Can you please tell me what is wrong?

Thanks

2 Replies

Hello
Not quite sure what you are trying to accomplish here. You mention bi-directional NAT and show a static NAT route-map statement, which is based on source/destination traffic flow, which probably isn't necessary, as by default any static NAT/PAT statements are bi-directional anyway. However, what is incorrect is the inside global addressing allocated for the static NAT, 10.62.15.83, which isn't in the same subnet as the inside global addressing of the NAT pool, 10.62.15.64/28.

So if you are wanting to use 10.62.15.83, then it needs to be reachable externally to your rtr.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
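
An added example, not part of either post and not Cisco tooling: a small Python audit of the NAT lines from the question. It checks the subnet point made in the reply above and also reports that 10.1.48.37 towards 10.141.165.0/24 matches the overload ACL as well as the static rule. The parser handles only the statement forms shown in the question, and the finding labels are made up for this example.

```python
import ipaddress as ipa
# NAT-related lines copied from the question above.
CONFIG = """\
ip nat pool NAT_POOL 10.62.15.67 10.62.15.68 netmask 255.255.255.240
ip nat inside source list ACL_NAT_OUT pool NAT_POOL overload
ip access-list ext ACL_NAT_OUT
 permit ip 10.1.48.0 0.0.0.255 10.141.165.0 0.0.0.255
ip nat inside source static 10.1.48.37 10.62.15.83 route-map RM_NAT_STATIC extendable reversible
ip access-list ext ACL_NAT_STATIC
 permit ip host 10.1.48.37 10.141.165.0 0.0.0.255
route-map RM_NAT_STATIC permit 10
 match ip address ACL_NAT_STATIC
"""

def _net(tok):
    # Consume "host A" or "A WILDCARD" (contiguous wildcards only) from tok.
    if tok[0] == "host":
        del tok[0]
        return ipa.ip_network(tok.pop(0))
    addr, wildcard = tok.pop(0), tok.pop(0)
    return ipa.ip_network(f"{addr}/{wildcard}")  # hostmask form is accepted

def parse(config):
    acls, pools, dynamics, statics, acl = {}, {}, [], [], None
    for t in map(str.split, config.splitlines()):
        if t[:2] == ["ip", "access-list"]:
            acl = acls.setdefault(t[3], [])
        elif t[:2] == ["permit", "ip"] and acl is not None:
            rest = t[2:]
            acl.append((_net(rest), _net(rest)))  # (source, destination)
        elif t[:3] == ["ip", "nat", "pool"]:
            pools[t[3]] = ipa.ip_network(f"{t[4]}/{t[7]}", strict=False)
        elif t[:5] == ["ip", "nat", "inside", "source", "list"]:
            dynamics.append((t[5], t[7]))  # (ACL name, pool name)
        elif t[:5] == ["ip", "nat", "inside", "source", "static"]:
            statics.append((ipa.ip_address(t[5]), ipa.ip_address(t[6])))
    return acls, pools, dynamics, statics

def audit(config):
    # Finding labels are names made up for this example.
    acls, pools, dynamics, statics = parse(config)
    findings = []
    for local, glob in statics:
        findings += [("static-global-outside-pool-subnet", str(glob), n, str(net))
                     for n, net in pools.items() if glob not in net]
        findings += [("host-also-matches-dynamic-nat", str(local), a, str(dst))
                     for a, _ in dynamics for src, dst in acls.get(a, []) if local in src]
    return findings

print(*audit(CONFIG), sep="\n")
```
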

Please draw what you want, if you can?
