04-01-2006 10:57 PM
Hi,
I'm trying to hide my internal subnet in a VPN config to a remote destination. I'm OK with VPN configs, but I'm not sure if my NATting is correct. I have the following:
internal subnet: 192.168.7.0 255.255.255.0
the subnet I would like to hide behind: 192.168.51.0 255.255.255.0
remote subnet: 192.168.243.0 255.255.255.252
access-list outside_cryptomap_50 permit ip 192.168.7.0 255.255.255.0 192.168.243.0 255.255.255.252
access-list VPN_NAT permit ip 192.168.51.0 255.255.255.0 192.168.243.0 255.255.255.252
global (outside) 2 192.168.51.0 255.255.255.0
nat (inside) 2 access-list VPN_NAT 0 0
isakmp key ******** address 1.1.1.1 netmask 255.255.255.255 no-xauth no-config-mode
crypto map outside_map 50 ipsec-isakmp
crypto map outside_map 50 match address outside_cryptomap_50
crypto map outside_map 50 set peer 1.1.1.1
crypto map outside_map 50 set transform-set ESP-3DES-SHA
04-01-2006 11:20 PM
Hi,
I believe your NAT access-list should reference your local IPs so it should look like this:
access-list VPN_NAT permit ip 192.168.7.0 255.255.255.0 192.168.243.0 255.255.255.252
Please do remember to rate posts.
Paresh
04-02-2006 06:42 AM
Just tried that, so my VPN_NAT access list is now the same as my crypto map. Is this right?
This is how it looks now:
access-list outside_cryptomap_50 permit ip 192.168.7.0 255.255.255.0 192.168.243.0 255.255.255.252
access-list VPN_NAT permit ip 192.168.7.0 255.255.255.0 192.168.243.0 255.255.255.252
global (outside) 2 192.168.51.0 255.255.255.0
nat (inside) 2 access-list VPN_NAT 0 0
isakmp key ******** address 1.1.1.1 netmask 255.255.255.255 no-xauth no-config-mode
crypto map outside_map 50 ipsec-isakmp
crypto map outside_map 50 match address outside_cryptomap_50
crypto map outside_map 50 set peer 1.1.1.1
crypto map outside_map 50 set transform-set ESP-3DES-SHA
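
An added example, not part of the thread: a Python check that reads the PIX lines quoted above and reports ACLs written on the wrong side of the translation. It assumes the PIX order of operations for outbound traffic (policy NAT is matched on the real inside source, and the crypto map ACL is matched afterwards on the translated source) and reads the `global` line as a pool covering that subnet; the function names and finding labels are hypothetical.

```python
import ipaddress

# Constructed sample: the relevant lines of the last configuration posted in the thread.
CONFIG = """\
access-list outside_cryptomap_50 permit ip 192.168.7.0 255.255.255.0 192.168.243.0 255.255.255.252
access-list VPN_NAT permit ip 192.168.7.0 255.255.255.0 192.168.243.0 255.255.255.252
global (outside) 2 192.168.51.0 255.255.255.0
nat (inside) 2 access-list VPN_NAT 0 0
crypto map outside_map 50 match address outside_cryptomap_50
"""

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}")

def parse(config):
    """Collect ACL entries, global pools, policy-NAT bindings and crypto ACL names."""
    acls, pools, nats, crypto = {}, {}, [], []
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["access-list"] and t[2:4] == ["permit", "ip"]:
            acls.setdefault(t[1], []).append((net(t[4], t[5]), net(t[6], t[7])))
        elif t[:2] == ["global", "(outside)"]:
            pools[t[2]] = net(t[3], t[4])  # assumption: read as a pool covering the subnet
        elif t[:2] == ["nat", "(inside)"] and t[3:4] == ["access-list"]:
            nats.append((t[2], t[4]))
        elif t[:2] == ["crypto", "map"] and t[4:6] == ["match", "address"]:
            crypto.append(t[6])
    return acls, pools, nats, crypto

def check(config):
    """Flag ACLs written on the wrong side of the translation."""
    acls, pools, nats, crypto = parse(config)
    findings = []
    for nat_id, nat_acl in nats:
        pool = pools[nat_id]  # every nat id in the sample has a matching global
        for real_src, remote in acls.get(nat_acl, []):
            # Policy NAT is evaluated on the packet as it leaves the inside host.
            if real_src.overlaps(pool):
                findings.append(("nat-acl-uses-translated-source", nat_acl, str(real_src)))
            for name in crypto:
                for c_src, c_dst in acls.get(name, []):
                    # The crypto ACL is evaluated after NAT, so it sees the pool address.
                    if c_dst.overlaps(remote) and c_src.overlaps(real_src) and not c_src.overlaps(pool):
                        findings.append(("crypto-acl-uses-real-source", name, str(c_src)))
    return findings

if __name__ == "__main__":
    for finding in check(CONFIG):
        print(finding)
```

Run against the first post's lines instead, the same check flags VPN_NAT for naming 192.168.51.0 as its source; with VPN_NAT on 192.168.7.0 and the crypto ACL on 192.168.51.0 it reports nothing.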