[c-nsp] Cisco VPN w/ IPsec and NAT
Bryan
bryan at tec-works.com
Fri Sep 17 00:55:54 EDT 2004
So I have the need (long story) to set up an IPsec VPN tunnel into
another network to which I have no visibility. It will be using SHA and
pre-shared keys, pretty standard. The problem is, I need the VPN to route
7 non-contiguous subnets to which the far end router is connected AND need
to have the VPN tunnel appear to be coming from 1 IP address for all 7
networks, so NAT is needed. Yes, we realise that this will be strictly a
1-way tunnel.

So... I guess my question is, can I use the Tunnel interface as a NAT
outside and then add some policy or static routes to route the traffic to
it?

Visible NAT IP:   10.96.103.68
Far end Networks: 10.174.2.0
                  10.174.58.0
                  10.24.16.0
                  10.96.31.0
                  10.207.10.0
                  10.207.58.0
                  10.207.72.0

crypto isakmp policy 1
 hash sha
 authentication pre-share
crypto isakmp key cisco123 address <far end pub ip>
crypto ipsec transform-set myset esp-3des esp-sha-hmac
! IOS syntax needs a sequence number and ipsec-isakmp here; 10 is an assumed value
crypto map mymap 10 ipsec-isakmp
 set peer <far end pub ip>
 set transform-set myset
 match address 101

I'm at a loss for how to get the nat going over the ipsec tunnel.
Thanks in advance,
Bryan
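
One way this requirement is commonly met on IOS, added here as an example and not part of the original post: on outbound traffic IOS applies inside-to-outside NAT before it checks the crypto map, so the crypto ACL (101 in the post) can match the translated address 10.96.103.68. The inside LAN 192.168.1.0/24, the interface names, the pool name, ACL 110, and the /24 masks on the pool and on the far-end networks are assumptions; the post gives none of them.

```cisco
! Added example. Assumed: inside LAN 192.168.1.0/24, interface names,
! pool name VPNPOOL, ACL 110, and /24 masks throughout.
!
! ACL 110: inside traffic bound for the far-end networks (to be translated).
access-list 110 permit ip 192.168.1.0 0.0.0.255 10.174.2.0 0.0.0.255
access-list 110 permit ip 192.168.1.0 0.0.0.255 10.174.58.0 0.0.0.255
access-list 110 permit ip 192.168.1.0 0.0.0.255 10.24.16.0 0.0.0.255
access-list 110 permit ip 192.168.1.0 0.0.0.255 10.96.31.0 0.0.0.255
access-list 110 permit ip 192.168.1.0 0.0.0.255 10.207.10.0 0.0.0.255
access-list 110 permit ip 192.168.1.0 0.0.0.255 10.207.58.0 0.0.0.255
access-list 110 permit ip 192.168.1.0 0.0.0.255 10.207.72.0 0.0.0.255
!
! PAT all of that traffic to the single visible address.
ip nat pool VPNPOOL 10.96.103.68 10.96.103.68 prefix-length 24
ip nat inside source list 110 pool VPNPOOL overload
!
! ACL 101 (crypto ACL referenced by "match address 101"):
! matches the source as it looks AFTER translation.
access-list 101 permit ip host 10.96.103.68 10.174.2.0 0.0.0.255
access-list 101 permit ip host 10.96.103.68 10.174.58.0 0.0.0.255
access-list 101 permit ip host 10.96.103.68 10.24.16.0 0.0.0.255
access-list 101 permit ip host 10.96.103.68 10.96.31.0 0.0.0.255
access-list 101 permit ip host 10.96.103.68 10.207.10.0 0.0.0.255
access-list 101 permit ip host 10.96.103.68 10.207.58.0 0.0.0.255
access-list 101 permit ip host 10.96.103.68 10.207.72.0 0.0.0.255
!
interface FastEthernet0/0
 description inside LAN (assumed name)
 ip nat inside
!
interface FastEthernet0/1
 description outside, towards the far-end peer (assumed name)
 ip nat outside
 crypto map mymap
```

`show ip nat translations` and `show crypto ipsec sa` show whether packets leave translated and encrypted. The far end has to define its side of the tunnel with 10.96.103.68 as the remote address.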