
VPN NAT

hakim12help
Level 1

Hello,

I have a customer that has the same subnet on its infrastructure (192.168.1.0/24). I would like to establish a LAN-to-LAN VPN with it, and the problem is that I have the same subnet too (192.168.1.0/24). I think I have to go through a NAT but I do not know how to do it. Here is my configuration.

interface FastEthernet0/0
ip address 192.168.1.X 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
no mop enabled

!

!

crypto isakmp policy 15
encr 3des
authentication pre-share
group 5
crypto isakmp key ******** address X.X.X.X
!
!

crypto ipsec transform-set test esp-3des esp-sha-hmac
!
crypto dynamic-map mydynmap 20
set pfs group5
!
!
crypto map mymap 21 ipsec-isakmp
set peer X.X.X.X
set transform-set test
match address test
crypto map mymap 999 ipsec-isakmp dynamic mydynmap

!

!

ip access-list extended acl_nat
deny ip 192.168.1.0 0.0.0.255 192.0.0.0 0.0.0.255

!

!

ip access-list extended test
permit ip 192.168.1.0 0.0.0.255 192.0.0.0 0.0.0.255

Thank you for your help

1 Accepted Solution


Bogdan Nita
VIP Alumni

I believe you will need to NAT both source and destination in order to be able to achieve this.

Here is how I would do it:

 

Site A:
! NAT config
!
ip nat inside source static network 192.168.1.0 10.10.10.0 /24
!
!crypto acl reconfig
!
no ip access-list extended test
!
ip access-list extended test
permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255
!
!routing
!
ip route 20.20.20.0 255.255.255.0 <public ip>


Site B:

! NAT config
!
ip nat inside source static network 192.168.1.0 20.20.20.0 /24
!
!crypto acl reconfig
!
no ip access-list extended test
!
ip access-list extended test
permit ip 20.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255
!
!routing
!
ip route 10.10.10.0 255.255.255.0 <public ip>

 

HTH

Bogdan
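
A packet walk through the design in the answer above, as an added Python example that is not part of the original thread: it models only the 1:1 `static network` address rewrite and IOS wildcard ACL matching, to show why the crypto ACL has to name the translated subnets (on IOS, inside-to-outside NAT is applied before the crypto map is checked). The function and constant names are hypothetical; the subnets and ACL entries are the ones posted in the thread.

```python
import ipaddress

LAN = "192.168.1.0/24"            # real subnet in use at both sites
SITE_A_GLOBAL = "10.10.10.0/24"   # Site A as seen through the tunnel
SITE_B_GLOBAL = "20.20.20.0/24"   # Site B as seen through the tunnel
# Crypto ACL entries: (src base, src wildcard, dst base, dst wildcard)
ACL_A_NEW = ("10.10.10.0", "0.0.0.255", "20.20.20.0", "0.0.0.255")
ACL_A_OLD = ("192.168.1.0", "0.0.0.255", "192.0.0.0", "0.0.0.255")

def static_network_nat(addr, from_net, to_net):
    """1:1 network translation: keep the host bits, swap the prefix."""
    a = ipaddress.ip_address(addr)
    src = ipaddress.ip_network(from_net)
    dst = ipaddress.ip_network(to_net)
    if a not in src:
        return a  # no translation rule applies to this address
    return dst.network_address + (int(a) - int(src.network_address))

def acl_match(addr, base, wildcard):
    """IOS wildcard match: bits set in the wildcard are ignored."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.ip_address(addr)) & care) == \
           (int(ipaddress.ip_address(base)) & care)

def crypto_acl_permits(src, dst, entry):
    s_base, s_wc, d_base, d_wc = entry
    return acl_match(src, s_base, s_wc) and acl_match(dst, d_base, d_wc)

def walk_a_to_b(src_host, dst_alias, acl=ACL_A_NEW):
    """Trace one packet from a Site A host to a Site B host's alias."""
    # Site A, inside -> outside: source is rewritten, then the crypto ACL is checked
    wire_src = static_network_nat(src_host, LAN, SITE_A_GLOBAL)
    encrypted = crypto_acl_permits(wire_src, dst_alias, acl)
    # Site B, outside -> inside: the alias is mapped back to the real host
    real_dst = static_network_nat(dst_alias, SITE_B_GLOBAL, LAN)
    return str(wire_src), encrypted, str(real_dst)

if __name__ == "__main__":
    # Constructed sample: host .10 at Site A reaches host .25 at Site B
    print("new ACL:", walk_a_to_b("192.168.1.10", "20.20.20.25"))
    print("old ACL:", walk_a_to_b("192.168.1.10", "20.20.20.25", ACL_A_OLD))
```

Hosts on each side address the peer by its translated alias (for example 20.20.20.25), never by its real 192.168.1.x address, which would be delivered locally instead of being routed to the tunnel.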


2 Replies

Thank you, Bogdan