I am trying to get a LAN-to-LAN IPSec VPN to work.
Site A is 10.250.0.0/16. Site B is 10.0.0.0/8.
On Site A, the inside network accesses the internet by being PAT-ted to a pool of four global IP addresses - 64.aa.bb.cc/29
Site B has NAT-ted the hosts to be connected to over the VPN with 192.168.40.0/24.
Now my question is: how do I configure the Site A router with respect to NAT?
Will it work if I leave the PAT on Site A as it is and define my interesting traffic as:
    access-list 190 permit ip 64.aa.bb.cc 0.0.0.8 host 192.168.40.1
The PAT on Site A is defined as:
    ip nat pool tcsux 64.aa.bb.c1 64.aa.bb.c4 prefix-length 29
    ip nat inside source list 163 pool tcsux overload
On Site B, the interesting traffic would then be between 192.168.40.0/24 and 64.aa.bb.cc/29.
Will this work? Of course, I can punch in the config and see if it works, but unfortunately Site B isn't under my command, so I need to suggest the config to the Site B admin.
Siddhartha Jain (CISSP)