Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1934
Views
3
Helpful
36
Replies

Static NAT Issue

BCS-Tech
Level 1
Level 1

‎09-03-2024 09:24 AM

FPM 1010 using FTD

Is there a way to do a static NAT from one office IP to another office IP through a Site-to-Site VPN tunnel.

We use a cloud provided software that prints to local printers using IP printing.
The cloud provider and our local office have s Site-To-Site VPN. so users can print to a 192.168.126.??? printer
Cloud provider 172.156.XXX.XXX/28
Local office 192.168.126.0/24
VPN Remote  192.168.0.0/24

Our office is Site-to-Site VPN with our Remote office.

Our cloud provider cannot use 192.168.0.XXX to be able to print to one of our printers since that is already being used by another of their customers.

I would like to setup a printer in the cloud location to print to 192.168.126.90 and have that NATTED to 192.168.0.20.
Is this possible?

So far I have not been successful

From the local office, I can ping 192.168.0.20, but cannot ping 192.168.126.90

Help
"Lost in Space"

 

Labels:
0 Helpful
36 Replies 36

MHM Cisco World
VIP
VIP

‎09-03-2024 09:38 AM - edited ‎09-03-2024 09:39 AM

Yes you can 

Use NAT 

Then use mapped IP in acl of IPSec in local peer and remote peer

MHM

0 Helpful

BCS-Tech
Level 1
Level 1

‎09-03-2024 09:42 AM

Thanks, but can you be more specific?

NAT
Is the translated Interface Outside or (inside since it is a site-to-site)

Need help on the "mapped IP"

Thanks in advance.

0 Helpful

BCS-Tech
Level 1
Level 1

‎09-03-2024 09:44 AM

I already have an allow ANY to ANY both inbound and outbound for ACL between both offices.

0 Helpful

MHM Cisco World
VIP
VIP
In response to BCS-Tech

‎09-03-2024 09:58 AM

Ok 

What is local LAN and is remote LAN waht is mapped LAN?

Let me guide you to config vpn step by step

MHM

0 Helpful

BCS-Tech
Level 1
Level 1

‎09-03-2024 10:07 AM

The local an remote info is in the first post above.

The site-to-site VPN is setup and I can ping both ways. 

My issue to connecting a local IP to a remote IP using NAT.

0 Helpful

MHM Cisco World
VIP
VIP
In response to BCS-Tech

‎09-03-2024 10:23 AM

Local office 192.168.126.0/24 

Local office 192.168.126.90 -> 192.168.0.20
VPN Remote  192.168.0.0/24

Now let start

First' remove the any at any it bad idea use any in vpn acl 

Use acl 

First line 

192.168.126.0/24 to 192.168.0.0/24

192.168.10.20/32 to192.168.0.0/24

Why 192.168.10.20 becuase you can not use 192.168.0.20 since remote use 192.168.0.0/24 this make conflict in IP

Config NAT 

Real IP

Source 192.168.126.90 

Destiantion 192.168.0.0

Translate IP

Source 192.168.10.20 

Destiantion 192.168.0.0

Do above and check 

MHM

0 Helpful

BCS-Tech
Level 1
Level 1

‎09-03-2024 10:35 AM

This does not make since to me

Real IP

Source 192.168.126.90 
Destiantion 192.168.0.0

Translate IP

Source 192.168.10.20 
Destiantion 192.168.0.0

You want me to NAT to a .0 address that does not exist?

0 Helpful

MHM Cisco World
VIP
VIP
In response to BCS-Tech

‎09-03-2024 10:52 AM

Real IP

Source 192.168.126.90 <<- this NATing 
Destiantion 192.168.0.0 <- this destiantion use as condition

Translate IP

Source 192.168.10.20 
Destiantion 192.168.0.0 <<- no NAT

0 Helpful

BCS-Tech
Level 1
Level 1

‎09-03-2024 10:58 AM

Destiantion 192.168.0.0 <- this destiantion use as condition

Should this be a network?  /24
or
host?

MHM Cisco World
VIP
VIP
In response to BCS-Tech

‎09-03-2024 11:00 AM

Friend it must be /24 

MHM

0 Helpful

BCS-Tech
Level 1
Level 1

‎09-03-2024 11:06 AM

This is what I currently have.  The "Mooresville-Inside" is 192.168.0.0/24

Nat 1.JPG

When I ping 192.168.10.20, I get no reply.  When I ping 192.168.0.20, I get a reply. I am pinging from 192.168.126.2

I know I am missing something. And I want to say I appreciate all the help.

0 Helpful

MHM Cisco World
VIP
VIP
In response to BCS-Tech

‎09-03-2024 11:09 AM

When I ping 192.168.10.20, I get no reply.  When I ping 192.168.0.20, I get a reply. I am pinging from 192.168.126.2

How you ping from 192.168.126.2 ? You need to ping from remote office 192.168.0.x to 192.168.10.20 and local office will NATing it to 192.168.126.0.90.

Or I am wrong?

MHM

0 Helpful

BCS-Tech
Level 1
Level 1

‎09-03-2024 11:14 AM

The local office is 192.168.126.0/24

Remote office 192.168.0.0/24

remote Printer I want to be able to ping to using the local ip of 192.168.126.90 is 192.168.0.20

I want to be able ping 192.168.126.90 from 192.168.126.2 and the system connects to the remote of 192.168.0.20 and sends the reply back as a complete ping.

Is this posible?

0 Helpful

BCS-Tech
Level 1
Level 1

‎09-03-2024 11:21 AM

If this is possible, then I can give the cloud provider and internal IP address of 192.168.126.90 for a printer on their print server and that system will send the print job to 192.168.126.90 and the local FPM1010 will NAT that job to 192.168.0.20 and the system should print the file.

That's the plan anyway.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card