Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
107
Views
0
Helpful
1
Replies
harish.pal
Beginner
Beginner
‎09-21-2015 03:44 AM
‎09-21-2015 03:44 AM

Site to Site VPN(VTI)

Hi all have S2S VPN connection and i am performing Nating 

10.0.0.0/16----- 47.73.223.250

by using access list 

Extended IP access list 100
    10 permit ip 10.0.0.0 0.0.255.255 145.230.12.0 0.0.0.255

And Overloaded to LoopBack1

interface Loopback1
 ip address 47.73.223.250 255.255.255.255
end


ip-10-0-0-156#show run | inc ip nat
 ip nat outside
 ip nat inside
ip nat inside source list 100 interface Loopback1 overload

 

 

interface GigabitEthernet1
 ip address dhcp
 ip nat inside
 negotiation auto
end

 

interface Tunnel1
 ip address 169.254.249.50 255.255.255.255
 ip nat outside
 ip tcp adjust-mss 1387
 tunnel source GigabitEthernet1
 tunnel mode ipsec ipv4
 tunnel destination 85.205.30.148
 tunnel protection ipsec profile ipsec-vpn-Vodafone-mgmtAWS-0
 ip virtual-reassembly
end

 

Nating is working properly but traffic after Nating to (47.73.223.250) is not entering to the tunnel interface and interface will go down

please advise and help ASAP

 

 

 

Labels:
0 Helpful
1 REPLY 1
mariano.alfonso
Beginner
Beginner
‎09-22-2015 06:55 AM
‎09-22-2015 06:55 AM

Hi Harish,

 

Let me see If I get this correctly, so what you want is that the 10.0.0.0/16 traffic when it's going to 145.230.12/24 gets natted to 47.73.223.250??

 

Before the traffic tries to leave, can you see the tunnel is up?

 

Thanks,

0 Helpful
Latest Contents
ISE as RADIUS server for Password + Smart Card Authenticatio...
Created by deepuvarghese1 on 04-17-2021 06:22 AM
1
10
1
10
The purpose of this document is to demonstrate how ISE authenticate / authorize a user that uses a smart card (PIN + Certificate) and password mechanism to login their system. This document describes the components used for this setup, configuration of IS... view more
Email Security - QuoVadis Root Certificate Decommission Migh...
Created by dmccabej on 03-30-2021 09:32 AM
0
0
0
0
Problem Description For all versions of the Email Security Appliance (ESA) and Security Management Appliance (SMA), some Secure Sockets Link (SSL) certificates issued from the QuoVadis root certificate authority (CA) trust chain before 2021-03-31 cannot b... view more
ISE REST APIs Webinar: April 6/7, 2021
Created by thomas on 03-25-2021 07:57 PM
2
5
2
5
  Register Now Automation and programmability for networking and security are increasingly important topics. Every release since ISE 1.2 has included new REST API capabilities to better automate and integrate ISE with the rest of your network, appli... view more
FMT 2.3.4 adding ASA migrations of S2S VPN in public beta
Created by William_Hansch on 03-22-2021 08:00 AM
1
10
1
10
The latest iteration (v2.3.4) of the Cisco Secure Firewall Migration Tool adds public beta support for S2S VPN migrations from ASA: Policy-based (crypto map) Pre-Shared key authentication type VPN configuration to Firepower Management Center VP... view more
What's New for Cisco Defense Orchestrator (CDO)
Created by Andrew Mallio on 03-22-2021 04:40 AM
1
40
1
40
Cisco Defense Orchestrator (CDO) is a cloud-based, multi-device manager that manages security products like Adaptive Security Appliance (ASA), Firepower Threat Defense next-generation firewall, and Meraki devices, to name a few.  We make improvement... view more
Content for Community-Ad