I have setup a tunnel from my Cisco to the customer's checkpoint.
Tunnel comes up at phase 1 and 2.
however they want me to now nat my source network which is 192.168.0.0/24 onto 10.242.101.0/24
meaning on a host oer host basis:
192.168.0.6 to 10.242.101.2
192.168.0.7 to 10.242.101.3
My router has IP 192.168.0.210 on fa0/1 and my public ip is on fa0/0
My issue is how do i nat my 192.168.0.0/24 network onto the 10.242.101.0/24 network which is not even found on my router?
They need to see my source IP coming from the 10.242.101.0/24 network.
I also need to to nat then incoming as they will be accessing my services via the 10.242.101.0/24 network as well.
Can someone shed some light on this please?
When using nat for your ipsec, you should use the nat'ed ip in the interesting traffic (crypto acl) to trigger the tunnel. Other than that the nat configuraition will be as usual. Hope this helps !
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: