[c-nsp] IOS FW - IP Aliasing
Joe Maimon
jmaimon at ttec.com
Tue May 2 14:04:46 EDT 2006
J Springer wrote:
> I have a customer using an 800-series router (12.2) with the IOS FW
> feature set that has configured a peer-to-peer VPN to a remote gateway.
I would investigate to see what the real version of IOS is and/or what
the latest version of IOS the device is upgradable to (800 series cover
a wide variety of hardware).
>
> Since the remote does not want to access the local machine by its
> private IP address once the VPN is established, it is assigning a
> non-routable /30 that we are to use to identify the local private machine.
>
> I do not have access to the customer firewall. Is there a command that
> I can have my customer use to static/proxy one IP address to another?
ip nat inside source static X.X.X.X Y.Y.Y.Y
>
> We really don't want to IP a loopback interface on the local private
> machine and route the /30 to it if we don't have to.
That's not a bad option if NAT doesn't work. Also, you could do a GRE tunnel
from the firewall to the local private machine if you don't want to
significantly alter internal network routing policies.
>
> Example:
>
> Local Public: 10.0.0.1
> Remote Public: 10.10.10.1
>
> Local Private: 192.168.0.0/24
> Remote Private: 192.168.10.0/24
>
> Remote assigns 172.16.0.0/30 and wants to ftp to 172.16.0.1 instead of
> 192.168.0.34 once the VPN has been established.
>
> Is there an IOS option that we can use for this non-nat IP-IP translation?
It IS NAT.
You just need to make sure your VPN still works properly. Go look up the
IOS NAT order of operations.
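
The static translation suggested in the reply above, written out with the addresses from the example in the quoted question. This is an added illustration and not part of the original post. The interface names, ACL number 101 and crypto map name VPNMAP are assumptions, and the ISAKMP policy and transform set already on the router are assumed and not shown.

```cisco
! Added example, constructed from the addresses in the thread.
! Interface names, ACL 101 and crypto map name VPNMAP are assumptions.
!
interface Ethernet0
 description LAN side (192.168.0.0/24)
 ip nat inside
!
interface Ethernet1
 description Internet side, local public 10.0.0.1
 ip nat outside
 crypto map VPNMAP
!
! Present local host 192.168.0.34 as 172.16.0.1.
! A static entry translates in both directions and applies to any
! traffic from this host that crosses inside -> outside, not only
! traffic bound for the VPN.
ip nat inside source static 192.168.0.34 172.16.0.1
!
! Inside -> outside, IOS translates before it checks the crypto map,
! so the crypto ACL must match the translated address, not 192.168.0.34.
access-list 101 permit ip host 172.16.0.1 192.168.10.0 0.0.0.255
!
crypto map VPNMAP 10 ipsec-isakmp
 set peer 10.10.10.1
 match address 101
 ! set transform-set <existing transform set name>
```

After applying it, `show ip nat translations` should list the 192.168.0.34 to 172.16.0.1 entry, and `show crypto ipsec sa` should show the security association built for 172.16.0.1 rather than the private address.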