[c-nsp] L2L VPN with NATed IP

Ramesh Karki rameshkarki at gmail.com
Wed Dec 8 21:00:30 EST 2010


Hi,

I suggest you ask your client to do NAT for both incoming and outgoing
traffic, as the client has a PIX at his side. The PIX has this intelligence
(bi-directional translation) to solve such private network overlapping issues
behind the VPN gateway.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949f1.shtml

Thank you,
Ramesh



On Wed, Dec 8, 2010 at 6:10 AM, Fourpros it <fourprosit at gmail.com> wrote:

> Dear Experts!
>
> I need to configure L2L VPNs to different clients. I have built the
> VPNs under a single crypto map, but an issue has come up.
>
> One of my clients requires me to NAT my inside network to my public address,
> as he has also NATed his inside network to his public address.
>
> How do I accomplish this? I basically need to NAT my inside 10.10.x.x
> network for the client to 193.32.x.x. My client's inside 172.10.x.x
> network is NATed for me to 173.32.x.x. On my side I have a Cisco IOS router
> and on my client's side they have a Cisco PIX.
> My tunnel is up, but I can't reach my inside network, and it is the same on
> the remote side. My IPsec log ("sh crypto ipsec sa peer 173.32.x.x") shows
> packets encrypted and decrypted.
>
> I assume my NAT and ACL are working well, but tunnel traffic is still not
> reachable on either side. Is there any way to make this scenario work for my
> customer?
> So I request that anyone provide me any suggestions and support. It will be
> a great help.
>
> Thank You
> FourPros
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
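
The address view each gateway needs in the scenario discussed in this thread, as an added example that is not part of either message. It assumes /16 prefixes and one-to-one network NAT (the thread elides the real prefixes), and relies on the gateway applying NAT before the crypto ACL check for outbound traffic; all names are hypothetical.

```python
import ipaddress as ip

# Constructed sample prefixes: the thread elides the real ones (10.10.x.x, ...),
# so /16 networks and one-to-one (network static) NAT are assumed.
SITE_A = {"real": ip.ip_network("10.10.0.0/16"), "mapped": ip.ip_network("193.32.0.0/16")}
SITE_B = {"real": ip.ip_network("172.10.0.0/16"), "mapped": ip.ip_network("173.32.0.0/16")}

def swap_prefix(addr, src_net, dst_net):
    """Move addr from src_net to dst_net, keeping the host bits."""
    addr = ip.ip_address(addr)
    if addr not in src_net:
        return addr  # not subject to this translation
    return dst_net.network_address + (int(addr) - int(src_net.network_address))

def acl_permits(acl, src, dst):
    """acl is a list of (source network, destination network) pairs."""
    return any(src in s and dst in d for s, d in acl)

def send(src, dst, local, remote, crypto_acl):
    """Trace one packet local -> remote. Returns (src on wire, dst on wire,
    dst delivered to the remote LAN), or None if the crypto ACL misses it."""
    wire_src = swap_prefix(src, local["real"], local["mapped"])  # NAT first
    wire_dst = ip.ip_address(dst)
    if not acl_permits(crypto_acl, wire_src, wire_dst):          # then crypto ACL
        return None
    # The remote gateway translates the mapped destination back to the real host.
    delivered = swap_prefix(wire_dst, remote["mapped"], remote["real"])
    return wire_src, wire_dst, delivered

def mirrored(acl_a, acl_b):
    """The two peers' crypto ACLs must be exact mirrors of each other."""
    return set(acl_a) == {(d, s) for s, d in acl_b}

# Crypto ACLs written against the translated networks on both gateways.
ACL_A = [(SITE_A["mapped"], SITE_B["mapped"])]
ACL_B = [(SITE_B["mapped"], SITE_A["mapped"])]
# The same ACL written against the real inside network, for comparison.
ACL_A_REAL = [(SITE_A["real"], SITE_B["mapped"])]

if __name__ == "__main__":
    print(send("10.10.1.5", "173.32.2.9", SITE_A, SITE_B, ACL_A))
    print(send("172.10.2.9", "193.32.1.5", SITE_B, SITE_A, ACL_B))
    print(send("10.10.1.5", "173.32.2.9", SITE_A, SITE_B, ACL_A_REAL))
    print(mirrored(ACL_A, ACL_B), mirrored(ACL_A_REAL, ACL_B))
```

Hosts on each side address the peer by its mapped range; an ACL written against the real inside network never matches once the source has been translated.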

