
Need solution for address translation over VPN

I am connecting a remote site using a VPN between a PIX501 at the remote site to our VPN3030 on the local site. The remote site uses a cable Internet connection with a static IP. The connection works great but the IP subnet at the remote site duplicates addresses already connected to our network. If I nat the addresses on the PIX501 (using Static command), the remote site is unable to use their local Internet connection. I would prefer to not route all of their Internet traffic over the VPN. Is there a solution to this? Do I need to replace the 501 with another piece of equipment?

1 REPLY 1

Hi,

You can do a policy based static translation to NAT the traffic only over the VPN tunnel.

Suppose your source subnet is s.s.s.0/24, destination d.d.d.0/24 and NATed subnet is n.n.n.0/24, the following commands will achieve policy static NAT:

access-list vpn-nat permit ip s.s.s.0 255.255.255.0 d.d.d.0 255.255.255.0

static (inside,outside) n.n.n.0 access-list vpn-nat

Don’t forget to change the crypto access-lists at both ends to match the change in IP also.

access-list crypto-acl permit ip n.n.n.0 255.255.255.0 d.d.d.0 255.255.255.0

HTH

Regards,

Shijo George.
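
The following Python model is an added example, not part of the original reply and not Cisco code. It traces how the policy static NAT and the updated crypto ACL described above treat tunnel-bound versus Internet-bound packets. All addresses are constructed sample values, and it assumes ordinary interface PAT is already configured for Internet traffic.

```python
import ipaddress as ip

# Constructed sample addressing (assumptions, not values from the thread)
SRC = ip.ip_network("192.168.1.0/24")     # s.s.s.0/24: remote LAN behind the PIX
DST = ip.ip_network("10.20.0.0/24")       # d.d.d.0/24: network behind the VPN3030
NAT = ip.ip_network("172.31.50.0/24")     # n.n.n.0/24: unused range picked for the tunnel
PAT_ADDR = ip.ip_address("203.0.113.10")  # PIX outside address used for Internet PAT

# The translated range must not collide with either real network
assert not NAT.overlaps(SRC) and not NAT.overlaps(DST)

def policy_static(src, dst):
    """Model of 'static (inside,outside) n.n.n.0 access-list vpn-nat'.

    Translates only when the vpn-nat ACL matches (source in SRC and
    destination in DST), preserving the host part of the address.
    Returns the translated source, or None when the policy does not match.
    """
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    if src in SRC and dst in DST:
        return NAT.network_address + (int(src) - int(SRC.network_address))
    return None

def crypto_acl_match(src, dst, acl_src):
    """Model of the crypto ACL check on the already translated packet."""
    return ip.ip_address(src) in acl_src and ip.ip_address(dst) in DST

def forward(src, dst, crypto_src=NAT):
    """Return (source address on the wire, path) for one outbound packet."""
    xlated = policy_static(src, dst)
    if xlated is None:
        # Policy did not match: normal Internet access through interface PAT
        return PAT_ADDR, "internet"
    if crypto_acl_match(xlated, dst, crypto_src):
        return xlated, "tunnel"
    # Crypto ACL still lists the pre-NAT subnet, so the flow is not selected
    return xlated, "not-encrypted"

if __name__ == "__main__":
    print(forward("192.168.1.25", "10.20.0.8"))       # VPN-bound host
    print(forward("192.168.1.25", "198.51.100.7"))    # Internet-bound host
    print(forward("192.168.1.25", "10.20.0.8", SRC))  # crypto ACL not updated
```

The third call shows why the crypto ACLs at both ends have to reference n.n.n.0: the packet is already translated when the crypto ACL is evaluated, so an ACL that still lists s.s.s.0 no longer selects it.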
