Cisco VPN and internal subnet

I have a problem with getting a VPN set up with a client. At my end, we have a PIX with an external registered IP and an internal private subnet. Basically, the remote side cannot route to any private IPs. They require connection to a registered IP. Registered peer and registered host. I have a block of registered IPs all on the same subnet. How do I establish a VPN between us and them while they aren't able to route to my internal addresses? I'm willing to change my internal addresses to anything. I guess this would be similar to us both using the same internal IP range. How can I do this?

Thanks,

Chris

Reply to
drazyw

There are two ways to do it:

  1. Policy NAT. Walter has tested that this will work even if the connection is initiated from the remote LAN.

    access-list VPN_NAT permit ip [PRIVATE_IP(s)] [REMOTE_IP(s)]
    nat (inside) X access-list VPN_NAT
    global (outside) X [REGISTERED_IP(s)] netmask 255.255.255.Y

(where X is a number, but not 0)

  2. Static NAT, because "nat (inside) 0" will override this if you need both NATted and non-NATted VPN accesses.

    static (inside,outside) [REGISTERED_IP(s)] [PRIVATE_IP(s)] netmask 255.255.255.Y

Check the NAT order table from the below link. Then you can select the method that suits you best.

formatting link

Reply to
Jyri Korhonen
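
The policy NAT option from the answer above with its placeholders filled in, as an added example that is not part of the original posts. Every address is a constructed documentation value, the names ending in _EX and NAT id 5 are assumptions, and the pre-shared key is a placeholder. The crypto ACL matches the translated (registered) source addresses because the PIX applies NAT before it checks traffic against the crypto map.

```cisco
: Constructed example values, not taken from the thread:
:   inside LAN               10.1.1.0/24
:   registered pool          192.0.2.17 - 192.0.2.30
:   remote registered hosts  198.51.100.0/24
:   remote VPN peer          203.0.113.1

: 1. Translate only traffic bound for the remote hosts (policy NAT).
access-list VPN_NAT_EX permit ip 10.1.1.0 255.255.255.0 198.51.100.0 255.255.255.0
nat (inside) 5 access-list VPN_NAT_EX
global (outside) 5 192.0.2.17-192.0.2.30 netmask 255.255.255.240

: 2. Define tunnel traffic on the post-NAT source range, so the remote
:    side only ever sees registered addresses.
access-list CRYPTO_EX permit ip 192.0.2.16 255.255.255.240 198.51.100.0 255.255.255.0

: 3. IPsec and IKE settings (assumed; they must match the remote peer).
sysopt connection permit-ipsec
crypto ipsec transform-set TS_EX esp-aes-256 esp-sha-hmac
crypto map VPNMAP_EX 10 ipsec-isakmp
crypto map VPNMAP_EX 10 match address CRYPTO_EX
crypto map VPNMAP_EX 10 set peer 203.0.113.1
crypto map VPNMAP_EX 10 set transform-set TS_EX
crypto map VPNMAP_EX interface outside
isakmp enable outside
isakmp key <PRE_SHARED_KEY> address 203.0.113.1 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 2
```

After a test connection, `show xlate` should list the inside hosts against addresses from the registered pool, and `show crypto ipsec sa` should show the same registered range as the local identity.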
