
Double nat for a host

halids44
Level 1

Hello everyone,

In my topology, my client has an IP address 192.168.1.1. The remote site server has 10.251.67.44. I succeeded in accessing the server with a different source IP address, 172.29.103.1, via an IPsec tunnel. With static NAT I am changing the source private IP to another private IP address, because the remote site doesn't accept any other source address for the server. But I want my host to access the internet with the same outgoing interface and with the outside public IP address. How can I achieve that? Both routers are 1841 series. Thanks for your interest.

Accepted Solutions

Hello,
So you will need to NAT that source IP on two occasions:
1) Default dynamic PAT going towards your ISP
2) Static NAT towards the destination host over the VPN

To accommodate the static NAT for the VPN and the dynamic NAT for the internet, for example:
! ACL 101: host-to-server traffic that gets the static NAT over the VPN
access-list 101 permit ip host 192.168.x.x host 10.x.x.x
! ACL 1: inside sources that get the dynamic NAT towards the ISP
access-list 1 permit 192.168.x.x 0.0.0.255

route-map ISP_rm
match ip address 1
match interface <isp1>

route-map Vpn
match ip address 101
match interface <vpn>

ip nat pool ISP <public ip public ip> prefix-length 24
ip nat inside source route-map ISP_rm pool ISP
ip nat inside source static 192.168.x.x 172.16.x.x route-map Vpn

! Default route via the ISP next hop
ip route 0.0.0.0 0.0.0.0 <x.x.x>
! Host route to the server via the VPN next hop
ip route 10.x.x.x 255.255.255.255 <x.x.x>

 

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
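
The rule selection in the configuration above can be checked offline with a small model. This is an added example, not part of the original post and not Cisco code: it is a simplified model of route-map NAT selection, and the interface names `isp1`/`vpn`, the ACL 1 network 192.168.1.0, and the public address 203.0.113.10 are assumptions; the host, server and VPN source addresses are the ones from the question.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    egress: str  # interface chosen by routing before NAT is applied

def wildcard_match(addr, base, wildcard):
    """Cisco ACL wildcard match: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

# Addresses from the question; interface names and the public address
# (documentation range) are assumptions made for this example.
HOST, SERVER, VPN_SRC = "192.168.1.1", "10.251.67.44", "172.29.103.1"
PUBLIC, ISP_IF, VPN_IF = "203.0.113.10", "isp1", "vpn"

def acl_101(p):  # access-list 101 permit ip host HOST host SERVER
    return p.src == HOST and p.dst == SERVER

def acl_1(p):    # access-list 1 permit 192.168.1.0 0.0.0.255 (assumed network)
    return wildcard_match(p.src, "192.168.1.0", "0.0.0.255")

# A route-map entry matches only if every match clause matches (logical AND).
def rm_vpn(p):
    return acl_101(p) and p.egress == VPN_IF

def rm_isp(p):
    return acl_1(p) and p.egress == ISP_IF

def translate(p):
    """Return the post-NAT source address, or the original if no rule matches."""
    if p.src == HOST and rm_vpn(p):  # ip nat inside source static ... route-map Vpn
        return VPN_SRC
    if rm_isp(p):                    # ip nat inside source route-map ISP_rm pool ISP
        return PUBLIC
    return p.src

def audit(packets):
    """Flows that would leave an interface with an untranslated inside address."""
    return [p for p in packets if translate(p) == p.src]
```

Running `audit` over the flows you expect shows which ones fall through both route-maps, for example a second inside host reaching the server over the VPN interface, which the remote site would see with its real source address.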
