Site-to-site VPN additional IP subnet access

mkkeyan
Level 1

Gents

I have a site-to-site VPN and it is working well. The VPN was established several years back. Now clients have been added (600 PCs). I want to use an additional IP subnet, but the VPN should work without modifying the client-side firewall.

I know that if the client adds my additional subnet it will work. I want to know whether there is any way, such as using policy NAT? My existing subnet is 10.20.31.0/24.

thanks

Karthik

2 Replies

5220
Level 4

Hi Karthik,

The NAT will work if your side is the initiator of the traffic to the client end.

You simply NAT (many to one) the new subnet to one IP from the old subnet.

All the requests from the new subnet will use that single IP when connecting to client servers.

Let me know the device you use for VPN to provide you a NAT template.

Please rate if this helped.

Regards,

Daniel

Hi Daniel,

Here is my VPN config. Is it possible with this config?

thanks

Karthik

access-list To2M extended permit ip 10.20.31.0 255.255.255.0 10.200.224.0 255.255.254.0
access-list nonat extended permit ip 10.20.31.0 255.255.255.0 10.200.224.0 255.255.254.0
nat (inside) 0 access-list nonat
crypto ipsec transform-set DES esp-des esp-sha-hmac
crypto map pixtoces 1 match address To2M
crypto map pixtoces 1 set peer **.**.***.231
crypto map pixtoces 1 set transform-set DES
crypto isakmp policy 1
 authentication pre-share
 encryption des
 hash sha
 group 1
 lifetime 86400
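
Added example, not part of the original posts: a sketch of the many-to-one policy NAT Daniel describes, written in the same pre-8.3 PIX/ASA syntax as the config above. The new subnet 10.20.32.0/24, the translated address 10.20.31.250 (it must be unused on the inside network), the ACL name POLICY-PAT, NAT ID 5 and the interface name `outside` are assumptions.

```cisco
! --- Existing lines from the posted config stay unchanged ---
! access-list To2M  extended permit ip 10.20.31.0 255.255.255.0 10.200.224.0 255.255.254.0
! access-list nonat extended permit ip 10.20.31.0 255.255.255.0 10.200.224.0 255.255.254.0
! nat (inside) 0 access-list nonat

! Match only traffic from the NEW subnet (assumed 10.20.32.0/24)
! that is headed for the remote VPN network.
access-list POLICY-PAT extended permit ip 10.20.32.0 255.255.255.0 10.200.224.0 255.255.254.0

! Policy dynamic NAT: traffic matching POLICY-PAT is translated using
! global pool 5. The new subnet is not listed in "nonat", so it is not
! exempted by "nat (inside) 0" and falls through to this rule.
nat (inside) 5 access-list POLICY-PAT

! Many-to-one PAT to a single address inside the OLD subnet
! (assumed free address 10.20.31.250; assumed interface name "outside").
global (outside) 5 10.20.31.250

! After translation the source is 10.20.31.250, which already matches
! the crypto ACL To2M, so the tunnel selectors and the remote firewall
! need no change.
!
! Limitation stated in the reply above: sessions must be initiated from
! this side. Remote hosts cannot open connections to individual hosts
! in 10.20.32.0/24 through a PAT address.
!
! Verification after sending test traffic from a host in the new subnet:
!   show xlate
!   show crypto ipsec sa
```

In `show crypto ipsec sa` the local and remote identities should still be 10.20.31.0/24 and 10.200.224.0/23, with the encaps counter rising while hosts in the new subnet send traffic.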