Cisco VPN and internal subnet

I have a problem with getting a VPN set up with a client. At my end, we have a PIX with an external registered IP and an internal private subnet. Basically, the remote side cannot route to any private IPs. They require connection to a registered IP. Registered peer and registered host. I have a block of registered IPs all on the same subnet. How do I establish a VPN between us and them while they aren't able to route to my internal addresses? I'm willing to change my internal addresses to anything. I guess this would be similar to us both using the same internal IP range. How can I do this?




There are two ways to do it:

  1. Policy NAT. Walter has tested that this will work even if the connection is initiated from the remote LAN.

access-list VPN_NAT permit ip [PRIVATE_IP(s)] [REMOTE_IP(s)]
nat (inside) X access-list VPN_NAT
global (outside) X [REGISTERED_IP(s)] netmask 255.255.255.Y

(where X is a number, but not 0)

  2. Static NAT, because "nat (inside) 0" will override this if you need both NATted and non-NATted VPN accesses.

static (inside,outside) [REGISTERED_IP(s)] [PRIVATE_IP(s)] netmask


Check the NAT order table at the link below. Then you can select the method that suits you best.


Jyri Korhonen
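
A worked instance of the policy NAT option above together with the crypto ACL it implies, as an added example that is not part of the original thread. All addresses, NAT ID 2 and the names VPN_CRYPTO, VPNMAP and TSET are constructed; PIX 6.x syntax is assumed, and the ISAKMP policy and pre-shared key for the peer are assumed to be configured already.

```cisco
: Constructed addressing (documentation ranges):
:   inside LAN                10.1.1.0/24
:   registered address used   198.51.100.5 (from the block on the outside subnet)
:   remote peer               203.0.113.1
:   remote registered host    203.0.113.10

: 1. Policy NAT: translate only traffic bound for the remote host
access-list VPN_NAT permit ip 10.1.1.0 255.255.255.0 host 203.0.113.10
nat (inside) 2 access-list VPN_NAT
global (outside) 2 198.51.100.5 netmask 255.255.255.255

: 2. Translation happens before the crypto map is evaluated, so the
:    crypto ACL names the registered address, never 10.1.1.0/24
access-list VPN_CRYPTO permit ip host 198.51.100.5 host 203.0.113.10

: 3. Tunnel definition, scoped to that single host pair
crypto ipsec transform-set TSET esp-3des esp-sha-hmac
crypto map VPNMAP 10 ipsec-isakmp
crypto map VPNMAP 10 match address VPN_CRYPTO
crypto map VPNMAP 10 set peer 203.0.113.1
crypto map VPNMAP 10 set transform-set TSET
crypto map VPNMAP interface outside

: 4. Checks after sending traffic from the inside LAN:
:    the xlate table should show 10.1.1.x mapped to 198.51.100.5, and the
:    IPsec SA should list 198.51.100.5 and 203.0.113.10 as its identities
show xlate
show crypto ipsec sa
```

If a "nat (inside) 0" exemption ACL is already in place for other tunnels, it must not match traffic to 203.0.113.10, or the exemption takes precedence and the packets leave untranslated and miss VPN_CRYPTO.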