Hi all,
I need to implement a site-to-site VPN tunnel between two endpoints, A and B.
Ultimate goal: communicate between nodes X and Y.
A resides in the DMZ.
X resides in the server farm (it accesses server Y by browsing to http://192.168.X).
It is required to do NAT on Router A and
a) hide the source address (address X can be translated to address P)
b) have 192.168.1.X routed using a different address on OUR side (address Y can be translated to address Q)
But Router A has only one single interface (Gi 0/1). How can I do the NAT in my situation? (I cannot terminate the S2S VPN on our side's border router; it has to terminate on Router A.)
What IPs should I use to configure the interesting traffic?
Your responses are highly.
Can you explain how your internal traffic reaches your 7206, i.e. what other devices are in between? Also, you have mentioned you have only 1 interface on the 7206; can you explain a bit more about that?
On the path from my X server to Router A there is another router and a firewall between them. It's required to build the tunnel between Routers A and B while hiding my internal network from the peer end.
Since I only have a single interface, Gi 0/1, I defined a loopback interface as the outside.
Router A config (X, P, Y and Q are the placeholders used above):
interface GigabitEthernet0/1
 ip nat inside
!
interface Loopback1
 ip nat outside
!
! hide X as P towards the peer; present Y as Q on our side
ip nat inside source static X P
ip nat outside source static Y Q
But when I send an ICMP message from server X to server Y, I cannot see any NAT translations on my Router A with "debug ip nat".
What should I do in order to hide my internal network?
I guess you are trying to configure NAT on a stick, but in order for this to work, we have to send the traffic to the loopback; only then would NAT work.
What you can do is create policy-based routing (PBR) that sets the interface to Loopback1 for the interesting traffic, and apply it on the router's G0/1 interface.
Hope this helps
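A worked NAT-on-a-stick configuration for the single-interface Router A described in this thread, added here as an example; it is not the poster's config or taken from the replies. It uses constructed sample addresses (X = 10.1.1.10, P = 172.16.1.10, Y = 192.168.1.20, Q = 172.16.2.20, Loopback1 = 10.255.255.1), assumes a crypto-map VPN is already applied on Gi0/1 and that decrypted return traffic from Y is subject to that interface's policy route-map, and the ACL, route-map names and <NEXT-HOP> are placeholders.

```cisco
! Added example: NAT on a stick with PBR to Loopback1 on a single-interface Router A.
! Constructed sample addresses (not from the thread):
!   X = 10.1.1.10    real internal server      P = 172.16.1.10  X as seen by the peer
!   Y = 192.168.1.20 real peer server          Q = 172.16.2.20  Y as seen on our side
!
interface Loopback1
 ip address 10.255.255.1 255.255.255.255
 ip nat outside
!
! Gi0/1 is the only physical interface: NAT inside, plus PBR that forces
! the interesting traffic out through Loopback1 so the NAT outside side sees it.
interface GigabitEthernet0/1
 ip nat inside
 ip policy route-map NAT-ON-A-STICK
!
! Traffic pushed to Loopback1 in BOTH directions: X -> Q (before translation)
! and the reply Y -> P returning from the tunnel (assumed to hit the policy map
! after decryption); without the second line replies are never translated back.
ip access-list extended TO-LOOPBACK
 permit ip host 10.1.1.10 host 172.16.2.20
 permit ip host 192.168.1.20 host 172.16.1.10
!
route-map NAT-ON-A-STICK permit 10
 match ip address TO-LOOPBACK
 set interface Loopback1
!
! Static NAT: hide X as P towards the peer, present Y as Q on our side.
ip nat inside source static 10.1.1.10 172.16.1.10
ip nat outside source static 192.168.1.20 172.16.2.20
!
! After translation the packet is routed again with destination Y (real address).
! <NEXT-HOP> is a placeholder for the next hop out Gi0/1 towards Router B.
ip route 192.168.1.20 255.255.255.255 <NEXT-HOP>
!
! Interesting traffic for the crypto map on Gi0/1 uses the POST-NAT addresses
! (P and real Y), since inside->outside NAT runs before encryption; X is never
! visible to the peer, which is the "hide the internal network" requirement.
ip access-list extended VPN-INTERESTING
 permit ip host 172.16.1.10 host 192.168.1.20
```

With this in place, "debug ip nat" (or "show ip nat translations") on Router A should show the X->P and Y->Q entries when X pings Q.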