08-26-2015 02:33 AM - edited 02-21-2020 08:25 PM
Hello. Can anybody help me solve my problem?
I have two sites connected to each other using IPSec VPN. Site A: ASA - LAN 172.20.120.0/24, WAN: 95.109.45.32/28, IPSec from Internet. Site B: Cisco 2821, LAN 172.16.0.0/16, WAN: 178.249.126.128/28. IPSec 95.109.45.34-178.249.126.133. I need to use static NAT on the 2821 for a host from 172.20.120.0: 172.20.120.220-178.249.126.139.
Cisco 2821 configuration:
interface GigabitEthernet0/0
 description TO_INTERNET_CDK
 ip address 178.249.126.133 255.255.255.240
 ip access-group INET_IN in
 no ip proxy-arp
 ip mtu 1400
 ip nat outside
 ip virtual-reassembly in
 load-interval 30
 crypto map SITE_VPN
end
ip nat inside source static 172.20.120.220 178.249.126.139 no-alias
If I ping 178.249.126.139 from the internet, I see packets on host 172.20.120.220, and I see the reply packet too, but the packet does not leave the Cisco 2821. The encrypt and decrypt counters change in sh crypto ipsec sa | beg 172.20.120.220.
I think the problem is that ip nat inside is absent in the chains; I use one interface for incoming and outgoing traffic for host 172.20.120.220 on the Cisco 2821.
On the internet host I see "Blocked incoming ICMP packet (ICMP type 0) from 172.20.120.220 to 97.237.139.18" when I ping 172.249.126.139 from this host.
08-26-2015 07:26 AM
It is difficult to follow the nature of the issue you are facing in your setup.
If I understood right, you want users at Site A to access your host on this IP 172.20.120.220 or on this IP: 172.20.120.0 at Site B?
08-27-2015 12:40 PM
Not right. I need host 172.20.120.220 from Site A to become available from the internet using IP 178.249.126.139, which belongs to Site B. If I ping 178.249.126.139 from the internet I see the ICMP packet on host 172.20.120.220, and I see response packets too, but the response packets do not go to the internet from the Cisco 2821. See attachment.
08-27-2015 06:41 PM
You want Internet traffic for host 178.249.126.139 traversing from Site B, via the IPSec tunnel, to host 172.20.120.220/32 at Site A?
Thanks
08-28-2015 01:09 AM
Yes. I need the host on Site A to look like a host on Site B from the internet.