02-07-2011 06:21 AM
Dear all,
I have a VPN connection to set up with my partner and he has given me a private range of addresses to use as my private addresses. What I have to do is to NAT my private addresses to the private addresses he gave me. Let's assume that the addresses given to me are X.X.X.X mask 255.255.255.40 and my private address is Y.Y.Y.Y with mask 255.255.255.255. I have to NAT Y.Y.Y.Y to X.X.X.X, but when I did that, the VPN is not working. Find my config below:
global (outside) 2 X.X.X.17-X.X.X.30
nat (inside) 2 access-list ACL_NAME
access-list ACL_NAME defines the TRAFFIC to NAT from my private IP to remote private network.
When I NAT, the source address of my packets changes. When defining my interesting traffic using an ACL, what will I use as the source address? Will I use the original IP address or the NATed address?
Is it possible to NAT traffic that I am going to encrypt?
I will be very grateful for your help as usual.
Regards
02-07-2011 06:43 AM
Hi Claude,
Let us use the following terms:
Your original IP address range: y.y.y.y
For VPN sake, traffic is being NAT'ed to: x.x.x.x
Subnet mask: m.m.m.m
access-list VPN-policy perm ip y.y.y.y to
nat (inside) VPN-Policy
global (outside) x.x.x.x
So far so good as you have already configured.
VPN interesting traffic has to be from the NAT'ed ip address range i.e. x.x.x.x to
We are going to encrypt the traffic after it has been NAT'ed.
HTH
Regards,
Praveen
02-07-2011 12:38 PM
Hi Praveen,
Before I posted my complaint on the forum, I had already NATed and configured my interesting traffic the way you told me to, but my VPN connection is still not working. For the past VPNs I configured, I had to configure my access-list controlling outgoing traffic to permit info leaving my private IP going to the remote private IP. In this case, when configuring my access-list controlling outgoing info, what will be the source IP? Will it be the NATed IP or the original IP?
Thanks and Regards
02-08-2011 01:00 AM
Hi Claude,
Are you talking about access-list applied on inside interface?
On the inside interface, the permit access-list entry would be "permit
HTH
Regards,
Praveen
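The three ACLs discussed in this thread, side by side, as an added example that is not from any of the posters. It uses the pre-8.3 ASA/PIX `nat`/`global` syntax seen above; every address, ACL name and the crypto map name is constructed for illustration.

```cisco
! Constructed values (assumptions, not from the thread):
!   real inside network        10.10.10.0/24
!   range assigned by partner  192.168.200.16/28 (pool .17-.30)
!   partner's private network  172.16.50.0/24
!
! 1. Policy NAT ACL: evaluated before translation, so the source is the
!    REAL inside address and the destination is the partner network.
access-list VPN-POLICY extended permit ip 10.10.10.0 255.255.255.0 172.16.50.0 255.255.255.0
nat (inside) 2 access-list VPN-POLICY
global (outside) 2 192.168.200.17-192.168.200.30
!
! 2. Crypto ACL (interesting traffic): evaluated after translation, so the
!    source is the NATed range, as stated in the reply above.
access-list CRYPTO-ACL extended permit ip 192.168.200.16 255.255.255.240 172.16.50.0 255.255.255.0
crypto map OUTSIDE-MAP 10 match address CRYPTO-ACL
!
! 3. Inside interface ACL: applied inbound on the inside interface, before
!    NAT, so the source is again the REAL address.
access-list INSIDE-IN extended permit ip 10.10.10.0 255.255.255.0 172.16.50.0 255.255.255.0
access-group INSIDE-IN in interface inside
!
! Mismatch to avoid: a crypto ACL written with the real source never matches
! the translated packets, so they leave unencrypted or are dropped.
!   access-list CRYPTO-ACL extended permit ip 10.10.10.0 255.255.255.0 172.16.50.0 255.255.255.0
!
! A "nat (inside) 0 access-list ..." exemption that also matches this traffic
! is applied first and bypasses the policy NAT above.
!
! Checks after sending test traffic from an inside host:
!   show xlate                 translation from 10.10.10.x to the .17-.30 pool
!   show crypto ipsec sa       local ident should be the NATed range
!   packet-tracer input inside tcp 10.10.10.5 1025 172.16.50.10 80 detailed
```

The partner's crypto ACL has to be the exact mirror of entry 2 (their network as source, the NATed range as destination), otherwise phase 2 negotiation fails on proxy identity mismatch.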