Hi All, My H.O and B.O have VPN connection between H.O 172.29.150.0/24 and B.O172.29.8.0/24. My B.O has got DMZ segment 192.168.0.1/24. DMZ web&mail server is access-able from Internet and server IP address 192.168.0.10 is NATed with a global IP address. The server 192.168.0.10 in B.O DMZ need`s to be accessed from H.O and Vice-versa. But we dont want another Tunnel between B.O DMZ and H.O. i.e H.O rule is that VPN will be only configured between H.O LAN(172.29.150.0/24) and B.O LAN(172.29.8.0/24) and VPN is working OK between these segments. But there is a requirment for accessing the B.O DNZ server to H.O. So is it possible to setup up another NAT with route-map for DMZ server address 192.168.0.10 with B.O LAN IP address (ex: 172.29.8.180) like: Is the below config correct? If not how to configure? Can some body help on it please.
! ip cef ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 ! crypto isakmp policy 10 encr 3des authentication pre-share group 2 crypto isakmp key XXXXXXXXXXXXX address P.Q.R.28 255.255.255.240 no-xauth crypto isakmp invalid-spi-recovery crypto isakmp keepalive 30 periodic ! crypto ipsec security-association lifetime seconds 86400 ! crypto ipsec transform-set HOset esp-3des esp-sha-hmac crypto ipsec df-bit clear ! crypto map SDM_CMAP_1 local-address Loopback1 crypto map SDM_CMAP_1 1 ipsec-isakmp set peer P.Q.R.28 set transform-set HOset match address 103 ! interface Loopback0 ip address A.B.C.22 255.255.255.255 ! interface Loopback1 ip address A.B.C.23 255.255.255.255 ! interface FastEthernet0/0 description Interface Inside$FW_INSIDE$ ip address 172.29.8.100 255.255.255.0 ip access-group 110 in ip inspect DEFAULT100 in ip nat inside ip virtual-reassembly duplex auto speed auto ! interface FastEthernet0/1 description Interface Outside$FW_OUTSIDE$ ip address 192.168.11.2 255.255.255.0 ip access-group 102 in ip inspect DEFAULT100 in ip nat outside ip virtual-reassembly speed 10 full-duplex crypto map SDM_CMAP_1 ! interface Vlan1 description Interface DMZ$FW_DMZ$ ip address 192.168.0.1 255.255.255.0 ip access-group 111 in ip inspect DEFAULT100 in ip nat inside ip virtual-reassembly ! ip classless ip route 0.0.0.0 0.0.0.0 192.168.11.1 ip http server ip http authentication local ip http secure-server ip nat pool pool-1 A.B.C.20 A.B.C.2 netmask 255.255.255.0 ip nat inside source route-map SDM_RMAP_1 pool pool-1 overload