IPsec Nating

kzhen · ‎01-30-2008

To build site to site VPN tunnel, one site is using ASA5504, the other site is using LinksysWEV54G. Linksys is doing nating, one public ip address 140.x.x.1, and one subnet private ip address 192.168.1.0 running DHCP. Somehow, we have a 1811 router connect to Linksys via F0/0, and we have machines running 10.10.10.x/24. In the router 1811, can we run nating? Please see below router 1811 configurtion:

!

interface FastEthernet0

ip address dhcp

ip virtual-reassembly

duplex auto

speed auto

ip nat outside

!

interface FastEthernet1

no ip address

duplex auto

speed auto

!

interface BRI0

no ip address

encapsulation hdlc

shutdown

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

!

interface FastEthernet5

!

interface FastEthernet6

!

interface FastEthernet7

!

interface FastEthernet8

!

interface FastEthernet9

!

interface Vlan1

ip address 10.10.10.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

!

ip route 0.0.0.0 0.0.0.0 FastEthernet0

!

no ip http server

no ip http secure-server

ip nat inside source list 7 interface FastEthernet0 overload

!

no cdp run

!

access-list 7 permit 10.10.10.0 0.0.0.255

As you see, there are double nating on one site. Here are my concerns:

1) I have no experience on Linksys. Does 10.10.10.0/24 can pass traffic through Linksys and back to ASA one the other site ideally?

2) Does router 1811 configure ok?

Please help!

Rick Morris · ‎02-01-2008

Just so I understand the set-up.

You have a Tunnel built

One site has one router ASA

The other site has a Linksys and a 1811

The tunnel terminates between the Linksys and the ASA

What is the purpose of the 1811?

Why is the tunnel set on the linksys and not the 1811?

What is the purpose of the linksys?

I am trying to understand the set-up and why the need for the config you have, running the double nat.