5937 Views, 0 Helpful, 15 Replies

IPSec tunnel and policy Nat

mistryj
Level 1

Hi,

I have a Cisco IOS router and want to set up an IPsec tunnel between myself and a client. Unfortunately we both have overlapping 10.x network IP addresses.

Is it possible for me to just NAT the IPs on my side, or does the client need to NAT as well?

I have configured NAT on the inside interface for 10.134.206.1 to 192.168.156.6 so that NAT occurs before packets get encrypted on the tunnel; however, the tunnel is not coming up. The client uses a SonicWall firewall and has allowed 192.168.156.0/24 to their 10.91.0.0/16 network.

See attached

Regards,

15 Replies

First, let's add some routes for the two hosts you want to get to:

ip route 10.91.1.40 255.255.255.255 <outside next hop>
ip route 10.91.1.60 255.255.255.255 <outside next hop>

Let's NAT all of your internal IP address range to your public IP:

! wildcard 0.255.255.255 matches the whole 10.0.0.0/8 range (0.0.0.255 would only match 10.0.0.0/24 and miss 10.134.206.x)
access-list 1 permit 10.0.0.0 0.255.255.255
ip nat inside source list 1 interface GigabitEthernet0/0 overload

Now let's correct the encryption domain:

ip access-list extended crypto_map_SONIC
 permit ip host CISCO_GATEWAY host 10.91.1.40
 permit ip host CISCO_GATEWAY host 10.91.1.60

The SonicWall encryption domain will need to match.
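The reason the reply rewrites the crypto ACL to use the gateway address is the IOS order of operations for an outbound packet: inside-to-outside NAT runs before the crypto map's ACL is evaluated, so the encryption domain must describe the post-NAT source. The following script is an added example, not code from the thread or from Cisco; it walks one packet through that sequence using the ACL entries from the reply. The gateway address 203.0.113.10 is an assumed placeholder for CISCO_GATEWAY, and the wildcard-to-network conversion is a simplified model of how IOS matches a standard ACL.

```python
"""Model IOS outbound processing: NAT (inside source list) first, then the
crypto map ACL. Shows why a NAT ACL that does not match the inside host
leaves the packet with its original 10.x source, which then fails to match
an encryption domain written for the gateway address."""
from ipaddress import IPv4Address, IPv4Network

# Assumed placeholder for the reply's CISCO_GATEWAY (documentation address).
CISCO_GATEWAY = IPv4Address("203.0.113.10")
# The two remote hosts named in the reply's route and crypto ACL entries.
PEER_HOSTS = ("10.91.1.40", "10.91.1.60")


def acl_network(address: str, wildcard: str) -> IPv4Network:
    """Turn a Cisco 'address wildcard' pair into an IPv4Network.

    A wildcard bit of 1 means 'don't care', so the subnet mask is the
    bitwise complement of the wildcard. Only contiguous wildcards are
    accepted; anything else cannot be expressed as a single prefix."""
    mask = 0xFFFFFFFF ^ int(IPv4Address(wildcard))
    if (mask | (mask - 1)) & 0xFFFFFFFF != 0xFFFFFFFF:
        raise ValueError(f"non-contiguous wildcard {wildcard}")
    prefixlen = bin(mask).count("1")
    return IPv4Network((int(IPv4Address(address)) & mask, prefixlen))


def nat_inside_source(src: IPv4Address, nat_acl: IPv4Network,
                      outside: IPv4Address) -> IPv4Address:
    """'ip nat inside source list N interface X overload': a source that
    matches the list is rewritten to the outside interface address;
    anything else is forwarded untranslated."""
    return outside if src in nat_acl else src


def in_encryption_domain(src: IPv4Address, dst: IPv4Address,
                         crypto_acl: list) -> bool:
    """crypto_acl is a list of (source_net, destination_net) permit entries,
    evaluated against the packet as it looks after NAT."""
    return any(src in s and dst in d for s, d in crypto_acl)


def outbound_packet(src: str, dst: str, nat_wildcard: str) -> tuple:
    """Walk one inside->outside packet through NAT, then the crypto ACL.

    Returns (post-NAT source as a string, True if the packet would be sent
    into the IPsec tunnel)."""
    nat_acl = acl_network("10.0.0.0", nat_wildcard)
    crypto_acl = [
        (IPv4Network(f"{CISCO_GATEWAY}/32"), IPv4Network(f"{host}/32"))
        for host in PEER_HOSTS
    ]
    translated = nat_inside_source(IPv4Address(src), nat_acl, CISCO_GATEWAY)
    return str(translated), in_encryption_domain(translated, IPv4Address(dst),
                                                 crypto_acl)


def needs_nat(local_net: str, remote_net: str) -> bool:
    """The original poster's problem: both sides use 10.x space, so the
    prefixes overlap and at least one side must translate before encrypting."""
    return IPv4Network(local_net).overlaps(IPv4Network(remote_net))


if __name__ == "__main__":
    # Inside host from the question, reaching one of the reply's peer hosts.
    for wildcard in ("0.0.0.255", "0.255.255.255"):
        print(wildcard, outbound_packet("10.134.206.1", "10.91.1.40", wildcard))
    print("overlap:", needs_nat("10.0.0.0/8", "10.91.0.0/16"))
```

Running it shows the two outcomes side by side: with a NAT list that matches only 10.0.0.0/24, the packet from 10.134.206.1 keeps its private source and never matches a crypto ACL whose source is the gateway, so the SA is never negotiated; with the whole 10.0.0.0/8 range in the NAT list, the source becomes the gateway address and the crypto ACL matches. The same model also explains why the peer's encryption domain must name the gateway (or the NAT pool) rather than the original 10.x hosts.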