Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
711
Views
0
Helpful
5
Replies

Temp NAT vpn traffic target on 2801

Go to solution
abclabsmo
Level 1
Level 1

‎01-14-2019 06:23 AM

So here is the story... I have a 2801 that is the VPN endpoint for our Avaya phones using their built in VPN client.  Working fine.  However I am going to have to change the IP of our Avaya phone server so I would like to predeploy replacement avaya phones with the new phone server IP setup.

 

I need to get the traffic coming over the VPN tunnel from phones that will be trying to go to the new IP of 10.2.140.10 to actually go the current IP of 10.200.96.253.  And traffic coming over the VPN tunnel to the current IP of 10.200.96.253 needs to be left alone.  I have been trying to figure out some kind of destination NAT with no luck.  Tried a static NAT and that breaks things since it translates all of the traffic.

 

Anyone have any wizardry for this?

 

Thx.

 

 

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
abclabsmo
Level 1
Level 1
In response to abclabsmo

‎01-14-2019 11:16 AM

I managed to get this sorted out by approaching this from a different angle. I setup another VPN group with a different DHCP pool and was able to use that different DHCP pool to identify the traffic and do a route map and NAT based on that.
It looked like below... The stmt took care of traffic in both directions and did not interfere with prod.
ip nat inside source static 10.200.96.253 10.2.140.10 route-map newphone
Thx for the clue about using route map.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎01-14-2019 06:49 AM

 

The static NAT breaks it because it translates the IPs even when you don't want that to happen ? 

 

Are the phones using the new IP distinguishable from the ones using the old IP ie. you may be able to use a route map and acls with your NAT to specify exactly which IPs should be translated etc. 

 

Jon

0 Helpful

Go to solution
abclabsmo
Level 1
Level 1
In response to Jon Marshall

‎01-14-2019 06:52 AM

HI..

 

The only difference with the new phones would be the target IP of the traffic.  Else nothing else is different.

Hmmm...Route map.  Had not thought of that and haven't done one in many years.  Will start digging!

 

 

0 Helpful

Go to solution
paul driver
VIP
VIP

‎01-14-2019 07:04 AM

Hello

Would you be able to post simple topology of this flow to show to get a better understanding of what you are trying to achieve?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
abclabsmo
Level 1
Level 1
In response to paul driver

‎01-14-2019 07:26 AM

Hi...Sorry I don't have one handy.... But it is pretty simple anyhow..
I need VPN traffic that is trying to go to 10.2.140.10 to actually go to 10.200.96.253. And, for now, any traffic going already going to/from 10.200.96.253 left alone. A kind of destination based nat.
0 Helpful

Go to solution
abclabsmo
Level 1
Level 1
In response to abclabsmo

‎01-14-2019 11:16 AM

I managed to get this sorted out by approaching this from a different angle. I setup another VPN group with a different DHCP pool and was able to use that different DHCP pool to identify the traffic and do a route map and NAT based on that.
It looked like below... The stmt took care of traffic in both directions and did not interfere with prod.
ip nat inside source static 10.200.96.253 10.2.140.10 route-map newphone
Thx for the clue about using route map.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card