I have a customer who has 2 data centres with the same 10.0.0.0/8 network. They use vMotion to move servers between data centres and retain the same IP address.
My problem is to create a VPN tunnel to each data centre. Both VPNs will have source 10.0.0.0/8, dest 192.168.0.0/24.
I need to NAT the source IP address based on the VPN tunnel used:
Source        Dest              NAT Src       Dest
10.0.0.0/8    192.168.0.0/24    10.1.0.0/8    192.168.0.0/24
10.0.0.0/8    192.168.0.0/24    10.2.0.0/8    192.168.0.0/24
How do I achieve this?
James,

You would create a policy NAT for one side of your VPN. You would then configure the remote/local network to be the NAT range.

What devices are you using?
What software versions are you using?
What other VPNs / NATs are in operation?

Best Regards
Ju

Sent from Cisco Technical Support iPhone App
I have a Cisco 5540 ASA 8.0(4). Both customer VPNs terminate on the ASA. The other VPN boxes are Check Point. (I have no control of these.)
So what you are saying is that, at one of their data centres, the customer will have to NAT their 10.0.0.0/8 to something else before it enters the VPN tunnel.
If I create a policy NAT on my ASA, can I apply it to a VPN tunnel so that any source IPs coming out of that VPN tunnel are NATed to my NAT range?
OK, so it looks like this is your setup:
SiteA = 10.0.0.0/8
SiteB = 10.0.0.0/8
You need a VPN between the two. Well, in this scenario you can just NAT one site to another subnet, and the other side can remain the same.