11-28-2012 08:57 PM
Hi
I have a customer who has 2 data centres with the same 10.0.0.0/8 network. They use vMotion to move servers between data centres and retain the same IP address.
My problem is to create a VPN tunnel to each data centre. Both VPNs will have Source 10.0.0.0/8 dest 192.168.0.0/24.
I need to NAT the source IP address based on the VPN tunnel used.
Example:
VPN 1
Source        Dest              NAT Src       Dest
10.0.0.0/8    192.168.0.0/24    10.1.0.0/8    192.168.0.0/24
VPN 2
Source        Dest              NAT Src       Dest
10.0.0.0/8    192.168.0.0/24    10.2.0.0/8    192.168.0.0/24
How do I achieve this?
James
11-29-2012 01:13 AM
James,
You would create a policy NAT for one side of your VPN. You would then configure the remote/local network to be the NAT range.
What devices are you using?
What software versions are you using?
What other VPNs / NATs are in operation?
Best Regards
Ju
11-29-2012 02:50 PM
Hi
I have a Cisco 5540 ASA 8.0(4). Both customer VPNs terminate on the ASA. The other VPN boxes are Check Point (I have no control of these).
So what you are saying is that, at one of their data centres, the customer will have to NAT their 10.0.0.0/8 to something else before it enters the VPN tunnel.
or
If I create a policy NAT on my ASA, can I apply it to a VPN tunnel so that any source IPs coming out of that VPN tunnel are NATed to my NAT range?
James
11-30-2012 01:22 PM
OK, so it looks like this is your setup:
SiteA = 10.0.0.0/8
SiteB = 10.0.0.0/8
You need a VPN between the two. Well, in this scenario you can just NAT one site to another subnet and the other side can remain the same.