[nsp] NAT and VPN

Alan Andrews alan at tieless.com
Fri Nov 21 16:40:53 EST 2003


I did something similar to this where I had an IPSEC VPN between a Cisco
3600 and a Linux host with freeswan.  The router also had to do NAT.

You can see my configs at
http://www.tieless.com/ipsec/cisco-freeswan-cisco/cisco-freeswan-cisco.html

It doesn't involve a PIX, but it's still a similar situation on the NAT
router side.  Might help.

-Alan

On Fri, 2003-11-21 at 15:12, Krzysztof Adamski wrote:
> I need to join two networks, and I need to NAT some hosts.
> 
> The network looks like this:
> 
> HostA ---- Router A1 ---- Router A2 ---- Router A3 --- Internet
> 
> Internet --- PIX B --- net B
> 
> Currently Host A is 128.1.1.199 and needs to be visible as 172.30.5.129 to
> net B network.
> Router A3 has a single static IP for connecting to the Internet. This is
> where the VPN to the PIX B is going be setup. I would prefer to do the NAT
> on A3.
> net B is 172.30.255.128 /26
> Nothing else is to go though the VPN.
> 
> The connection between net B and HostA has to be bidirectional, there are
> 4 more machines like HostA, each is to have a uniq IP.
> How should the NAT be setup, and how this will interact with the VPN?
> 
> K
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list