Doing NAT on VPN

Ronald Nutter
Level 1

I have a situation I am working on where we are temporarily located in a partner's office and need to build a VPN tunnel back to our corporate office.  The problem is that we are both using the same 10.x network range for our respective networks.

Is there a way that I can use 192.168.x.x on the private side of our router which connects to the partner's network but have the VPN traffic appear as if it is coming from, say, 10.150.x.x/16? If so, can you provide an example of what I need to do on the router side where I would need to have these commands?

That might help the secondary issue we are trying to work through, which is to have one tunnel between our router and corporate instead of the individual client VPN tunnels that we now have.  Our users in that building also need to print to local printers that are on the partner's network and are using the 10.x range as we are.

Thanks,

Ron

2 Replies

Hi,

Let's say you have this:

Site A

10.1.1.0/24

Site B

10.1.1.0/24


Site A

ip nat inside source static 10.1.1.1 192.168.1.1 route-map NAT

route-map NAT
  match address NAT

ip access-list extended NAT
  permit ip host 10.1.1.1 192.168.2.0 0.0.0.255

Site B

ip nat inside source static 10.1.1.1 192.168.2.1 route-map NAT

route-map NAT
  match address NAT

ip access-list extended NAT
  permit ip host 10.1.1.1 192.168.1.0 0.0.0.255

The idea is that Site A will be presented as 192.168.1.0 and Site B will be presented as 192.168.2.0 so they can communicate across the tunnel.

You will need to define the interesting traffic between the 192.168.x.0 subnets.

Hope it helps.

Federico.
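
The address mapping described in the reply above, walked through for one packet, as an added example that is not part of the original reply and not Cisco code. It is a simplified model of the intended translation, not an emulation of IOS; the function names and the 203.0.113.10 destination are assumptions made for illustration.

```python
import ipaddress as ip

# Values taken from the reply above: both sites use 10.1.1.0/24 internally
# and each is presented to the other as a different 192.168.x.0/24 subnet.
SITE_A = ip.ip_network("192.168.1.0/24")   # how Site A is presented
SITE_B = ip.ip_network("192.168.2.0/24")   # how Site B is presented

STATIC = {  # per-site static entries: real host -> presented address
    "A": {ip.ip_address("10.1.1.1"): ip.ip_address("192.168.1.1")},
    "B": {ip.ip_address("10.1.1.1"): ip.ip_address("192.168.2.1")},
}
PEER = {"A": SITE_B, "B": SITE_A}          # what the route-map ACL matches
OWN = {"A": SITE_A, "B": SITE_B}


def outbound(site, src, dst):
    """Inside-to-outside: translate src only if the route-map ACL matches."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    if src in STATIC[site] and dst in PEER[site]:
        src = STATIC[site][src]
    # Interesting traffic is defined on the presented subnets, after NAT.
    encrypt = src in OWN[site] and dst in PEER[site]
    return str(src), str(dst), encrypt


def inbound(site, src, dst):
    """Outside-to-inside: reverse the static entry for the destination."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    for real, presented in STATIC[site].items():
        if dst == presented and src in PEER[site]:
            dst = real
    return str(src), str(dst)


def walk(src, dst):
    """Follow one packet from Site A's inside to Site B's inside."""
    s, d, encrypt = outbound("A", src, dst)
    if not encrypt:
        return {"tunnel": False, "on_wire": (s, d)}
    return {"tunnel": True, "on_wire": (s, d), "delivered": inbound("B", s, d)}
```

In this model, traffic to destinations outside the peer's presented subnet is left untranslated and stays out of the tunnel, and a host without its own static entry never matches the interesting-traffic definition.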

From what you replied, I gather that what I want to do is possible.  Still a little confused on how to get it done.

I forgot to put in the initial message that the VPN router is already doing split tunneling, so I have to figure out how to get this new NAT command to work without messing up what the original one is doing.

Looks like I am heading back to the Cisco docs one more time.

Ron