NATting across VPN link

spacemky · ‎01-22-2009

We connect to a branch office network via an IPSec VPN. The branch office is curretnly NATting their own traffic out to the Internet, and I am wondering what it would take to configure the router to also NAT (to the Internet) for our traffic.

The branch office private network is 10.40.65.0/24, and our network is 192.168.80.0/24. I'd like to route traffic up the VPN tunnel, and have it get NATted to the Internet from the other site. The current relevant router config on the branch office end:

interface FastEthernet0

ip nat outside

ip address 70.70.50.50 255.255.255.192

interface Vlan1

ip nat inside

ip address 10.40.65.81 255.255.255.0

ip route 0.0.0.0 0.0.0.0 70.70.50.1 permanent

ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0 overload

access-list 101 deny ip 10.40.65.0 0.0.0.255 192.168.80.0 0.0.0.255

access-list 101 permit ip 10.40.65.0 0.0.0.255 any

route-map SDM_RMAP_1 permit 1

match ip address 101

I've tried a few things already, including adding 192.168.80.0 to access-list 101, but no success. Thanks experts!

Rupesh Kashyap · ‎01-22-2009

Hi, can you clear your objective. I have read the configuration, but want to know ur intension.

spacemky · ‎01-23-2009

The intention is to have the router at the other end of the VPN tunnel, to NAT traffic from my network out to the Internet.

- We have already established an IPSec VPN. Our network is 192.168.80.0/24 and the remote network is 10.40.65.0/24.

- The remote network NATs traffic out to the Internet for their own 10.40.65.0/24 network.

- We would also like to be able to NAT out the remote router to the Internet.

- This is due to business reasons - some traffic must be sourced from the branch office, and not the primary location.

MYNET--RTRA--INTERNET,IPSEC--RTRB--BRANCH

The goal is to NAT MYNET traffic out of RTRB. How could I do this? RTRB is already NATting traffic for BRANCH to the Internet. Thanks!