07-04-2007 03:27 AM
I need to double-nat a site-to-site VPN because both sites are using the same ip address range, can any one assist?
07-04-2007 03:41 AM
Hi
Site 1 subnet 192.168.1.0
Site 2 subnet 192.168.1.0
Site 1 NAT subnet 172.16.5.0
Site 2 NAT subnet 172.16.6.0
Site 1
======
access-list pnat permit ip 192.168.1.0 255.255.255.0 172.16.6.0 255.255.255.0
nat (inside) 2 access-list pnat
global (outside) 2 172.16.5.0 255.255.255.0
Your crypto access-list will read
access-list vpntraffic permit ip 172.16.5.0 255.255.255.0 172.16.6.0 255.255.255.0
Site 2
======
access-list pnat permit ip 192.168.1.0 255.255.255.0 172.16.5.0 255.255.255.0
nat (inside) 2 access-list pnat
global (outside) 2 172.16.6.0 255.255.255.0
Your crypto access-list will read
access-list vpntraffic permit ip 172.16.6.0 255.255.255.0 172.16.5.0 255.255.255.0
HTH
Jon
07-04-2007 06:03 AM
Thank you Jon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide