[VPN] LAN-to-LAN with Overlapping networks and PAT

Siddhartha Jain losttoy2000 at yahoo.co.uk
Thu Mar 31 13:01:18 EST 2005


Hello,

I am trying to get a LAN-to-LAN IPSec VPN to work.

Site A is 10.250.0.0/16
Site B is 10.0.0.0/8

On Site A, the inside network accesses the internet by
being PAT-ted to a pool of four global IP addresses -
64.aa.bb.cc/29

Site B has NAT-ted the hosts to be connected to over
the VPN with 192.168.40.0/24

Now my question is: how do I configure the Site A
router with respect to NAT?

Will it work if I leave the PAT on Site A as it is and
define my interesting traffic as:
access-list 190 permit ip 64.aa.bb.cc 0.0.0.8 host 192.168.40.1

The PAT on site A is defined as:
ip nat pool tcsux 64.aa.bb.c1 64.aa.bb.c4 prefix-length 29
ip nat inside source list 163 pool tcsux overload

On Site B, the interesting traffic would then be
between 192.168.40.0/24 and 64.aa.bb.cc/29

Will this work? Of course, I can punch in the config
and see if it works but unfortunately Site B isn't
under my command so I need to suggest the config to
the Site B admin.

Thanks,

Siddhartha Jain (CISSP) 
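
Added example, not part of the original post: Cisco IOS ACLs use a wildcard mask in which 0 bits must match and 1 bits are ignored, so the mask in a crypto ACL decides which PAT pool addresses are selected as interesting traffic. The check below uses the constructed documentation block 198.51.100.8/29 with a four-address pool in place of the elided 64.aa.bb.cc/29; all function names are hypothetical.

```python
import ipaddress

FULL = 0xFFFFFFFF


def to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def wildcard_matches(acl_addr: str, wildcard: str, candidate: str) -> bool:
    """IOS wildcard semantics: compare only the bits where the wildcard is 0."""
    care = ~to_int(wildcard) & FULL
    return (to_int(acl_addr) & care) == (to_int(candidate) & care)


def wildcard_for_prefix(prefix_len: int) -> str:
    """Inverse mask that covers every address of a prefix of this length."""
    return str(ipaddress.IPv4Address((1 << (32 - prefix_len)) - 1))


def pool_coverage(acl_addr: str, wildcard: str, first: str, last: str) -> dict:
    """For each address in the NAT pool, report whether the ACL source matches."""
    return {
        str(ipaddress.IPv4Address(n)): wildcard_matches(
            acl_addr, wildcard, str(ipaddress.IPv4Address(n))
        )
        for n in range(to_int(first), to_int(last) + 1)
    }


# Constructed sample values (assumption: the pool is four consecutive
# addresses inside the /29, mirroring "c1 .. c4 prefix-length 29").
ACL_ADDR = "198.51.100.8"
POOL_FIRST, POOL_LAST = "198.51.100.9", "198.51.100.12"

if __name__ == "__main__":
    for mask in ("0.0.0.8", wildcard_for_prefix(29)):
        print(mask, pool_coverage(ACL_ADDR, mask, POOL_FIRST, POOL_LAST))
```
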
