Can I make a static nat for remote IPSec network?

chillicom
Level 1

Router A

one interface (fast eth) of a router is - 10.9.180.251

other interface fast eth - real IP

I can ping 10.8.42.68 from router A

Router B

one int (fast eth) IP- 10.10.1.1

other int fast eth - real IP

IPSec and GRE exists between router A and router B

Traffic coming from the 10.10.1.0 network is being PAT'd to 10.9.180.251 while entering the 10.8.0.0/16 network.

I want to make a one-to-one NAT with 10.9.180.251 and 10.10.1.54 for TCP port, say, 100.

When traffic from the 10.8.0.0 network hits 10.9.180.251 on port 100, it will actually hit 10.10.1.54 on port 100.

Is it possible? Please help

1 Reply

andrew.prince
Level 10

Yes this is possible - you need to diagram the exact flow of packets.

You then need to write route-maps that reference access-lists to permit/deny NAT to take place.

Important point is - you are already NAT'ing, so you do not want to re-NAT traffic.

REMEMBER - when you reference an ACL with a DENY clause - this is to NOT NAT.
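
A sketch of the approach the reply describes, for Router A, as an added example that is not part of the original thread: a static TCP port translation alongside a route-map-gated PAT whose ACL denies the statically translated flow. The addresses and port come from the question; the interface names, ACL number, route-map name and the /24 mask for 10.10.1.0 are assumptions.

```cisco
! Router A (assumed names: Tunnel0 = GRE tunnel to Router B,
! FastEthernet0/0 = interface holding 10.9.180.251)
interface Tunnel0
 ip nat inside
!
interface FastEthernet0/0
 ip nat outside
!
! Static port translation: connections from 10.8.0.0/16 to
! 10.9.180.251 TCP/100 are forwarded to 10.10.1.54 TCP/100.
ip nat inside source static tcp 10.10.1.54 100 interface FastEthernet0/0 100
!
! ACL referenced by the route-map that gates the existing PAT.
! The DENY line means "do NOT apply dynamic NAT": replies from
! 10.10.1.54:100 are left to the static entry above.
! The PERMIT line keeps the rest of 10.10.1.0 (mask assumed /24)
! PAT'd to 10.9.180.251 when heading into 10.8.0.0/16.
access-list 110 deny   tcp host 10.10.1.54 eq 100 10.8.0.0 0.0.255.255
access-list 110 permit ip 10.10.1.0 0.0.0.255 10.8.0.0 0.0.255.255
!
route-map PAT-TO-10-8 permit 10
 match ip address 110
!
ip nat inside source route-map PAT-TO-10-8 interface FastEthernet0/0 overload
```

`show ip nat translations` on Router A lists the static TCP/100 entry next to the dynamic PAT entries, which is a quick way to confirm that the forwarded flow is not being translated twice.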