
NAT remote VPN users with inside interface IP

majedalanni
Level 1

Hi there,

I have a question about my network.

I have a firewall (X) that connects with a few firewalls (X1, X2, X3, etc.) by site-to-site tunnels. I want to connect to firewall X by VPN over the Cisco client, so that I can reach all the other firewalls (X1, X2, etc.).

VPN remote access uses the 192.168.5.0 network.

Site-to-site uses the 172.16.X.X network.

Can I do NAT for network 192.168.5.0/24 with the inside interface IP? Because this IP can reach all the other firewalls. And how do I do it?

Thank you in advance for your help.

Mike

1 Reply

manish arora
Level 6

Hi Mike,

I don't think that you have to NAT this 192.x.x.x IP. In fact, you need to add this range to the nonat + crypto_acl (for VPN traffic) and it will work for you.

I am unable to find a good doc on it, but it would be like:

Firewall X site-to-site to firewall Y.

Firewall X inside range 172.16.10.x/24 to firewall Y 172.16.20.x/20. Firewall X also has remote VPN user 192.168.10.x.

So you will need to insert 192.168.10.x/24 into both crypto ACLs, which will identify it as interesting traffic on both firewalls, and you also have to include it in the NONAT statements.

Let me know if I didn't quite understand your question.

Manish
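
The check described in the reply above, as an added example that is not part of the thread or of any Cisco tooling: a small Python audit that reads the ACL lines of both firewalls and reports which entries for the remote-access pool are still missing. It assumes ASA-style `access-list ... extended permit ip` lines, the ACL names `crypto_acl` and `nonat` used in the reply, and a /24 LAN behind firewall Y; the function names and the sample configs are constructed for illustration.

```python
import ipaddress
import re

# Assumed ASA-style syntax: access-list NAME extended permit ip SRC MASK DST MASK
ACL_RE = re.compile(r"access-list\s+(\S+)\s+extended\s+permit\s+ip"
                    r"\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

def parse_acls(config):
    """Return {acl_name: [(src_net, dst_net), ...]} for each matching line."""
    acls = {}
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m:
            name, src, smask, dst, dmask = m.groups()
            acls.setdefault(name, []).append(
                (ipaddress.ip_network(f"{src}/{smask}"),
                 ipaddress.ip_network(f"{dst}/{dmask}")))
    return acls

def covered(entries, src, dst):
    """True if one entry matches all traffic from src to dst."""
    return any(src.subnet_of(s) and dst.subnet_of(d) for s, d in entries)

def missing_entries(hub_cfg, spoke_cfg, pool, spoke_lan):
    """List the ACL entries still needed for pool <-> spoke LAN traffic."""
    pool, lan = ipaddress.ip_network(pool), ipaddress.ip_network(spoke_lan)
    hub, spoke = parse_acls(hub_cfg), parse_acls(spoke_cfg)
    checks = [  # (description, entries, source, destination)
        ("hub crypto_acl: pool -> spoke LAN", hub.get("crypto_acl", []), pool, lan),
        ("spoke crypto_acl: spoke LAN -> pool", spoke.get("crypto_acl", []), lan, pool),
        ("spoke nonat: spoke LAN -> pool", spoke.get("nonat", []), lan, pool),
    ]
    return [desc for desc, entries, s, d in checks if not covered(entries, s, d)]

# Constructed sample configs (not from the thread): LAN-to-LAN entries only.
HUB = "access-list crypto_acl extended permit ip 172.16.10.0 255.255.255.0 172.16.20.0 255.255.255.0\n"
SPOKE = ("access-list crypto_acl extended permit ip 172.16.20.0 255.255.255.0 172.16.10.0 255.255.255.0\n"
         "access-list nonat extended permit ip 172.16.20.0 255.255.255.0 172.16.10.0 255.255.255.0\n")
# The same configs with the remote-access pool 192.168.10.0/24 added.
HUB_FIXED = HUB + "access-list crypto_acl extended permit ip 192.168.10.0 255.255.255.0 172.16.20.0 255.255.255.0\n"
SPOKE_FIXED = SPOKE + (
    "access-list crypto_acl extended permit ip 172.16.20.0 255.255.255.0 192.168.10.0 255.255.255.0\n"
    "access-list nonat extended permit ip 172.16.20.0 255.255.255.0 192.168.10.0 255.255.255.0\n")

if __name__ == "__main__":
    print(missing_entries(HUB, SPOKE, "192.168.10.0/24", "172.16.20.0/24"))
    print(missing_entries(HUB_FIXED, SPOKE_FIXED, "192.168.10.0/24", "172.16.20.0/24"))
```

The spoke-side entries are the mirror image of the hub-side ones; a pool entry present on only one firewall is reported as missing on the other.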