Hello,
I have a L2L VPN issue with one of my third party clients.
We are setting up a VPN tunnel from our PIX to their VPN gateway device.
We have a single host on our Inside network that will need to access a single host on the remote network.
The problem is that by coincidence the IP address on the remote network is in the same subnet range as our existing DMZ.
So our DMZ is on 192.168.60.0/24, and the host on the remote network we need to access has an IP of 192.168.60.25.
Our Inside host IP – 192.168.100.50
Remote host IP – 192.168.60.25
I thought this would cause a conflict, so my workaround was to create a static NAT that will translate remote IP 192.168.60.25 to another private subnet IP on our network. Then create the appropriate NAT and ACLs.
Something like:
! PIX static syntax is static (real_ifc,mapped_ifc) mapped_ip real_ip.
! The remote host is real on the outside, so the interfaces and addresses
! go the other way round to present 192.168.60.25 to the inside as 192.168.70.25.
static (outside,inside) 192.168.70.25 192.168.60.25 netmask 255.255.255.255
! NAT exemption so the inside host keeps its real address into the tunnel
access-list xnat extended permit ip host 192.168.100.50 host 192.168.70.25
nat (inside) 0 access-list xnat
! The crypto ACL is evaluated on the packet as it leaves the outside interface,
! i.e. after the destination has been untranslated back to 192.168.60.25
access-list vpn1 extended permit ip host 192.168.100.50 host 192.168.60.25
crypto map vpnmap 10 match address vpn1
crypto map vpnmap 10 set peer x.x.x.x
crypto map vpnmap 10 set transform-set 3des
crypto map vpnmap 10 set security-association lifetime seconds 28800
crypto map vpnmap 10 set security-association lifetime kilobytes 4608000
Can I use static NAT in this manner on VPN traffic to resolve this issue?
Any assistance would be most helpful.
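For reference, here is an added example (not from the original post) of the complete overlapping-network layout on both ends, together with the checks used to confirm the translation and the tunnel. The local side follows the PIX 7.x syntax the post uses; the remote gateway's configuration, its peer address y.y.y.y and the ACL name vpn-local are assumptions written in PIX syntax for illustration, since the post does not say what device it is. The point worth checking is the crypto ACL: it is matched against the packet as it leaves the outside interface, so it must name the remote host's real address, and a packet that matches the nat 0 exemption but not the crypto ACL is forwarded in the clear rather than through the tunnel.

```text
! --- Local PIX (added example; peer address x.x.x.x is a placeholder) ---
! Present remote host 192.168.60.25 to the inside as 192.168.70.25. The /32
! mask keeps the static from shadowing the local DMZ 192.168.60.0/24.
static (outside,inside) 192.168.70.25 192.168.60.25 netmask 255.255.255.255
! Exempt the inside host from dynamic NAT towards the mapped remote address
access-list xnat extended permit ip host 192.168.100.50 host 192.168.70.25
nat (inside) 0 access-list xnat
! Crypto ACL: the packet on the outside interface carries the real remote
! address, because the destination has already been untranslated
access-list vpn1 extended permit ip host 192.168.100.50 host 192.168.60.25
crypto map vpnmap 10 match address vpn1
crypto map vpnmap 10 set peer x.x.x.x
crypto map vpnmap 10 set transform-set 3des
crypto map vpnmap interface outside

! --- Remote gateway (assumed; shown in PIX syntax) ---
! Mirror image of the local crypto ACL, using the real addresses on the wire
access-list vpn-local extended permit ip host 192.168.60.25 host 192.168.100.50
nat (inside) 0 access-list vpn-local
crypto map remotemap 10 match address vpn-local
crypto map remotemap 10 set peer y.y.y.y

! --- Checks on the local PIX ---
! The inside host must address 192.168.70.25, never 192.168.60.25 (that goes to the DMZ).
! After 192.168.100.50 opens a connection to 192.168.70.25:
show xlate                   ! expect the static entry for the remote host
show crypto isakmp sa        ! expect phase 1 established with x.x.x.x
show crypto ipsec sa         ! expect encaps/decaps counters increasing for 192.168.60.25
```

If the xlate is present but the ipsec counters stay at zero, the usual cause is a crypto ACL written with the mapped address 192.168.70.25 instead of the real one, in which case the traffic leaves unencrypted.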