NAT traffic heading to VPN

ericwilcoxsg · ‎06-24-2009

I have a conflicting network (192.168.20.x/24) that I need to connect to a peer with the same network on their end.

Our inside IP addresses are in the 10.x.x.x range, as well as some 192.168.x.x addresses. Now here is what I am trying to accomplish - hopefully someone can tell me if it is even possible:

I want to connect to 192.168.206.20, which will then be NAT'd in the firewall to be 192.168.20.20 as the destination IP. Then it will head over the VPN tunnel, where we show as a source IP of a publicly registered IP address (1.2.3.4 for this example).

Hopefully someone can follow my request - Cisco TAC couldn't seem to grasp what I was trying to do.

Thanks in advance!

auraza · ‎06-25-2009

This will not work. From what I understand, your source IP is 192.168.206.20, which is NAT'd by the firewal to 192.168.20.20, however, the remote network that you are connecting to is also 192.168.20.20. You can't NAT the 192.168.20.20 once its already been NAT'd, and then put it in the tunnel. If my understanding is not clear, please draw the topology out so its a bit clearer, with IPs, etc.

ericwilcoxsg · ‎06-25-2009

So what I am looking at is to have the remote end accept traffic from our 192.168.202.x addresses, and then they will translate from that to their real IP addresses?