
nat on a stick with ipsec

gnijs
Level 4

I am struggling with this setup. The goal is easy: I have a remote site connected with VPN to the main office. The VPN router of the remote site is sitting behind the provider modem/router on the inside, on a private subnet 10.10.10.0/24, so the IPsec gets NATted. Host x can connect to each host y on the private part of the network. No problem so far.

 

But now, I want to simply connect to the provider modem/router from the main office.

Attached you find a topology drawing explaining the goal.

 

The 10.10.10.0/24 range is NOT part of corporate routing or encryption domain.

I want to translate host x to 10.10.10.3/24 when it connects to the modem.

But since 10.10.10.x/24 is not known in the main office, I also need to create a "dummy" destination for 10.10.10.1. For that I created a new loopback on the router: 10.8.8.0/30, which is part of the encryption and routing domain of the enterprise. The router is 10.8.8.1. The goal is that 10.8.8.2 represents the modem destination (10.10.10.1).

 

I tried with the following rules:

 

ip nat inside source static <host x> 10.10.10.3
ip nat outside source static 10.1.10.1 10.8.8.2

 

but that doesn't work. Any ideas?

 

 

 
