NAT before entering an IPSEC tunnel over ISDN

Hello,

I need to statically NAT internal addresses before an IPSEC tunnel over ISDN 8-0 !!!

The internal network address is 10.0.0.1, NATed to 192.168.0.2 (static NAT). Remote network: 192.168.254.0 (this network accepts only the address 192.168.0.2).

Could this configuration work:

interface FastEthernet0/0
 Description INTERNAL
 ip address 10.0.0.254 255.255.255.0
 duplex auto
 speed auto
 ip nat inside
 no mop enabled

interface BRI0/0/0
 Description ISDN to remote site
 no ip address
 encapsulation ppp
 no ip mroute-cache
 dialer pool-member 1
 isdn switch-type vn3
 ppp authentication chap

interface Dialer1
 ip address 192.168.0.22 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 no ip mroute-cache
 dialer pool 1
 dialer-group 1
 no peer default ip address
 ppp authentication chap
 crypto map CDC-map

crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
crypto isakmp key ******** address 192.168.0.21

crypto ipsec transform-set CDC-transform-set esp-3des esp-md5-hmac

crypto map CDC-map local-address Dialer1
crypto map CDC-map 10 ipsec-isakmp
 set peer 192.168.0.21
 set transform-set CDC-transform-set
 match address CDC-ACL

ip route 192.168.254.0 255.255.255.0 192.168.0.21

ip nat inside source static 10.0.0.1 192.168.6.2

ip access-list extended CDC-ACL
 permit ip host 192.168.6.2 192.168.254.0 0.0.0.255
 deny ip any any log

Thanks for your help !

Laurent GARNIER

NAT then crypto does work.

I haven't reviewed your config in detail, maybe you will find "nat order of operations document" useful.

Order of Operation

Bod43
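
Added example, not part of the original posts and not Cisco code: a small Python model of the inside-to-outside order discussed above (NAT translation first, then the crypto map ACL check), run against the addresses in the posted configuration. The function names and the two-step pipeline are simplifications assumed for illustration.

```python
import ipaddress

# Values copied from the configuration posted in this thread.
STATIC_NAT = {"10.0.0.1": "192.168.6.2"}   # ip nat inside source static
CDC_ACL = [                                 # ip access-list extended CDC-ACL
    ("permit", "192.168.6.2", "0.0.0.0", "192.168.254.0", "0.0.0.255"),
    ("deny", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255"),
]

def wildcard_match(addr, base, wildcard):
    """IOS-style wildcard match: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def acl_action(acl, src, dst):
    """Return the action of the first matching entry (implicit deny at the end)."""
    for action, s, s_wild, d, d_wild in acl:
        if wildcard_match(src, s, s_wild) and wildcard_match(dst, d, d_wild):
            return action
    return "deny"

def inside_to_outside(src, dst, nat=STATIC_NAT, acl=CDC_ACL):
    """Translate the source first, then test the translated packet against the
    crypto ACL. Returns (translated_source, selected_for_ipsec)."""
    translated = nat.get(src, src)
    return translated, acl_action(acl, translated, dst) == "permit"

if __name__ == "__main__":
    dst = "192.168.254.10"  # constructed sample host in the remote network
    # Posted config: translated source matches CDC-ACL, so it is protected.
    print(inside_to_outside("10.0.0.1", dst))
    # A crypto ACL written against the pre-NAT address would never match.
    pre_nat_acl = [("permit", "10.0.0.1", "0.0.0.0", "192.168.254.0", "0.0.0.255")]
    print(inside_to_outside("10.0.0.1", dst, acl=pre_nat_acl))
    # Translating to 192.168.0.2 (the address named in the question text)
    # while CDC-ACL permits 192.168.6.2 leaves the packet unprotected.
    print(inside_to_outside("10.0.0.1", dst, nat={"10.0.0.1": "192.168.0.2"}))
```

The static NAT address and the host entry in the crypto ACL have to be the same address for the traffic to be selected for the tunnel.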

snipped-for-privacy@hotmail.co.uk wrote:

NAT Order of Operation

Very useful! Thank you!

Laurent GARNIER
