I ran into an issue with post-8.3 IOS NATing and am curious if anyone can shed some light.
The scenario is: a PC on the network needs to access a device behind the tunnel (service provider). The tunnel source is required to be a different IP from the global.
Hosted device behind the tunnel: 44.44.44.44
IP used as the tunnel source: 22.22.22.22
Internal device IP: 192.168.1.1
To accomplish this with the pre-8.3 IOS I did as follows, and it works as planned:
object-group network HOSTED_DEVICE
 network-object host 44.44.44.44
access-list outside_cryptomap extended permit ip host 22.22.22.22 object-group HOSTED_DEVICE log
access-list NAT extended permit ip host 192.168.1.1 host 44.44.44.44
static (inside,outside) 22.22.22.22 access-list NAT
I tried to do the following on the post-8.3 IOS but had no luck:
object-group network HOSTED_DEVICE
 network-object host 44.44.44.44
object-group network obj_22.22.22.22
access-list outside_cryptomap extended permit ip host 22.22.22.22 object-group HOSTED_DEVICE log
nat (inside,outside) source static obj_22.22.22.22 obj_22.22.22.22 destination static HOSTED_DEVICE HOSTED_DEVICE no-proxy-arp
Does anyone know how to accomplish this?
Thanks