
site to site to site

brendorfer
Level 1

Hello,

I have 2 tunnels and I need to use NAT to forward traffic from one network to another network.

The tunnels are running fine; I have connectivity from B to A and from B to C. I need to add the A network to tunnel B-C so the C network can reach the A network via B using NAT.

A: extern 1.1.1.1

     intern 192.168.1.1/24

B: extern 2.2.2.2

     intern 192.168.2.1/24

C: extern 3.3.3.3

     intern 192.168.3.1/24

The following ACLs are used by the tunnels for the local-remote network(s).

A:

acl 101 permit ip 192.168.1.0/24 192.168.2.0/24 (tunnel A - B)

B:

acl 101 permit ip 192.168.2.0/24 192.168.1.0/24 (tunnel B - A)

acl 102 permit ip 192.168.2.0/24 192.168.3.0/24 (tunnel B - C)

acl 102 permit ip 192.168.1.0/24 192.168.3.0/24 (tunnel B - C) local address is the A network

C:

acl 101 permit ip 192.168.3.0/24 192.168.2.0/24 (tunnel C - B)

acl 101 permit ip 192.168.3.0/24 192.168.1.0/24 (tunnel C - B) remote address is the A network

Now I need to add a nat rule on B like this:

anything coming from C network destined to A network nat through 192.168.2.1 (B ip).

How do I do that?

1 Reply 1

brendorfer
Level 1

I just found the answer. I've tested the new configuration and it's working.

On router B:

ip nat pool local_ip 192.168.2.1 192.168.2.1 prefix-length 24

ip nat inside source list 200 pool local_ip

acl 200 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255

All traffic coming from 192.168.3.0/24 (C network) to destination 192.168.1.0/24 (A network) is routed (NAT) through 192.168.2.1 (IP of the router in the B network).
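
Added example, not part of the original thread: a small Python model of the selectors and the NAT rule quoted above, showing why translating the source to 192.168.2.1 lets C-to-A traffic fit the existing A-B tunnel and why the reply needs the extra ACL 102 entry. It checks address matching only and does not model the router's processing order; the host addresses 192.168.3.10 and 192.168.1.20 and all function names are constructed for illustration.

```python
import ipaddress

def net(addr, wildcard):
    """IOS address + wildcard mask (contiguous only) -> ip_network."""
    inverse = int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF
    return ipaddress.ip_network(f"{addr}/{ipaddress.IPv4Address(inverse)}")

W = "0.0.0.255"
# Selectors and NAT match list as given in the thread: (source, destination).
ACL = {
    "A-101": [(net("192.168.1.0", W), net("192.168.2.0", W))],
    "B-101": [(net("192.168.2.0", W), net("192.168.1.0", W))],
    "B-102": [(net("192.168.2.0", W), net("192.168.3.0", W)),
              (net("192.168.1.0", W), net("192.168.3.0", W))],
    "B-200": [(net("192.168.3.0", W), net("192.168.1.0", W))],  # NAT match list
}
NAT_POOL = ipaddress.ip_address("192.168.2.1")  # single-address pool from the answer

def permits(acl, src, dst):
    """True if any entry of the named ACL matches the src/dst pair."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in sn and d in dn for sn, dn in ACL[acl])

def nat_on_b(src, dst):
    """Source address after B's NAT rule: rewritten only if list 200 matches."""
    return str(NAT_POOL) if permits("B-200", src, dst) else src

def trace(src, dst):
    """Follow one C-to-A packet and its reply through the modelled selectors."""
    nat_src = nat_on_b(src, dst)
    return {
        "untranslated_fits_B_to_A": permits("B-101", src, dst),
        "translated_src": nat_src,
        "translated_fits_B_to_A": permits("B-101", nat_src, dst),
        # A's ACL 101 is written local->remote, so check the reply direction.
        "A_selector_accepts": permits("A-101", dst, nat_src),
        # After B restores the original destination, the reply must match
        # the A-network entry that was added to ACL 102.
        "reply_fits_B_to_C": permits("B-102", dst, src),
    }

if __name__ == "__main__":
    for key, value in trace("192.168.3.10", "192.168.1.20").items():
        print(f"{key}: {value}")
```

Running the same trace for a source outside 192.168.3.0/24 leaves the address untouched, which is a quick way to confirm the NAT match list is no broader than intended.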