01-18-2016 05:46 AM - edited 02-21-2020 08:38 PM
Hi,
I have a Cisco IOS router and want to set up an IPsec tunnel between myself and a client. Unfortunately we both have overlapping 10 network IP addresses.
Is it possible for me to just NAT the IPs on my side, or does the client need to NAT as well?
I have configured NAT on the inside interface for 10.134.206.1 to 192.168.156.6 so that NAT occurs before packets get encrypted on the tunnel; however, the tunnel is not coming up. The client uses a SonicWall firewall and has allowed 192.168.156.0/24 to their 10.91.0.0/16 network.
See attached
regards,
01-18-2016 02:19 PM
First, let's add some routes for the two hosts you want to get to:
ip route 10.91.1.40 255.255.255.255 <outside next hop>
ip route 10.91.1.60 255.255.255.255 <outside next hop>
Let's NAT all of your internal IP address range to your public IP:
! wildcard 0.255.255.255 covers the whole 10.0.0.0/8 range (0.0.0.255 would only match 10.0.0.0/24 and miss 10.134.206.1)
access-list 1 permit 10.0.0.0 0.255.255.255
ip nat inside source list 1 interface GigabitEthernet0/0 overload
Now let's correct the encryption domain:
ip access-list extended crypto_map_SONIC
 permit ip host CISCO_GATEWAY host 10.91.1.40
 permit ip host CISCO_GATEWAY host 10.91.1.60
The SonicWall encryption domain will need to match.
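The following is an added example, not configuration from the original thread or from either poster. It writes out the OP's original design in full: a one-to-one translation of 10.134.206.1 to 192.168.156.6 that is applied only to traffic bound for the peer's 10.91.0.0/16, so that the crypto ACL matches the post-NAT address and mirrors the policy the SonicWall side already has (192.168.156.0/24 to 10.91.0.0/16). The inside interface name GigabitEthernet0/1, the ACL and route-map names NAT_TO_SONIC and NAT_INTERNET, and the crypto map name SONIC are assumptions; GigabitEthernet0/0 as the outside interface, the <outside next hop> placeholder and the ACL name crypto_map_SONIC are taken from the thread. ISAKMP policy, transform set and peer address are not on the page and are left out.

```ios
! Added example (not from the original thread). Assumed: Gi0/1 = inside, Gi0/0 = outside,
! crypto map named SONIC, ACL/route-map names NAT_TO_SONIC and NAT_INTERNET.

! 1. The remote (overlapping) subnet must be routed toward the WAN side. A /16 here is more
!    specific than any 10.0.0.0/8 route pointing into the local LAN, so it wins.
ip route 10.91.0.0 255.255.0.0 <outside next hop>

! 2. Conditional static NAT: 10.134.206.1 becomes 192.168.156.6 only when talking to
!    10.91.0.0/16. Other traffic from that host is left for the Internet PAT rule below.
ip access-list extended NAT_TO_SONIC
 permit ip host 10.134.206.1 10.91.0.0 0.0.255.255
!
route-map NAT_TO_SONIC permit 10
 match ip address NAT_TO_SONIC
!
ip nat inside source static 10.134.206.1 192.168.156.6 route-map NAT_TO_SONIC

! 3. Internet-bound traffic is PAT'd to the WAN address. Traffic for 10.91.0.0/16 is denied
!    here on purpose: if it were translated to the WAN address it would no longer match the
!    crypto ACL and would leave the router unencrypted.
ip access-list extended NAT_INTERNET
 deny   ip 10.0.0.0 0.255.255.255 10.91.0.0 0.0.255.255
 permit ip 10.0.0.0 0.255.255.255 any
!
ip nat inside source list NAT_INTERNET interface GigabitEthernet0/0 overload

! 4. For inside-to-outside packets IOS applies NAT before the crypto map, so the encryption
!    domain names the translated source. This is the exact mirror of the SonicWall policy
!    192.168.156.0/24 <-> 10.91.0.0/16.
ip access-list extended crypto_map_SONIC
 permit ip 192.168.156.0 0.0.0.255 10.91.0.0 0.0.255.255
!
crypto map SONIC 10 ipsec-isakmp
 match address crypto_map_SONIC

! 5. Interface roles.
interface GigabitEthernet0/1
 ip nat inside
!
interface GigabitEthernet0/0
 ip nat outside
 crypto map SONIC
```

To check the result, send traffic from 10.134.206.1 to a 10.91.x host and confirm with `show ip nat translations` that the inside global address is 192.168.156.6 and with `show crypto ipsec sa` that the encaps counters for the 192.168.156.0/24 to 10.91.0.0/16 SA increase; a translation that shows the WAN address instead means the packet hit the PAT rule and was sent in the clear. If the SonicWall side must also open connections to 192.168.156.6, a route-map static NAT needs the `reversible` keyword (`... route-map NAT_TO_SONIC reversible`) on IOS releases that support it; the answer's alternative of PATing everything to the WAN address avoids that but makes the tunnel one-directional, since the SonicWall then only sees CISCO_GATEWAY as the far-end address.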