[VPN] Cisco VPN before NAT

VPN user list.vpn.shmoo at centerpoint.be
Tue Mar 13 07:11:31 EDT 2007


Hi,

I have the following problem, and can't seem to find a solution.

I have 2 Cisco routers, A and B, with a VPN connection. Both routers
have a serial interface pointing to the outside and an ethernet interface
(let's call them A and B) pointing to the inside.

Traffic between subnet A and B is NOT NATed and the VPN works fine.

Now, router B has a second ethernet interface (C), to subnet C.

I added this subnet to the IPsec ACLs on both routers, as I want to
allow subnet A to access subnet C through the VPN.
The tunnel is up and running with no NAT being done.

However, on router B, access from subnet B to C is NATed:

interface B
 ip nat inside
!
interface C
 ip nat outside
!
ip nat inside source route-map NAT interface C overload
!
route-map NAT permit 10
 match ip address 123
!
access-list 123 permit ip SUBNET_B SUBNET_C


So far so good. Now the problem:
How can I NAT traffic from subnet A to subnet C?

I tried adding
access-list 123 permit ip SUBNET_A SUBNET_C
but this doesn't help, as traffic coming out of the VPN seems not to be
affected by the NAT rule, probably because it is not considered to be coming
from an interface with "ip nat inside".

Is there a way of doing this without using tunnel interfaces?


Thanks in advance.
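The behaviour described in the post follows from how IOS inside-source NAT chooses which packets to translate: a translation is applied only to a packet that enters an interface configured "ip nat inside", leaves one configured "ip nat outside", and matches the route-map's ACL. The following Python model is an added example, not Cisco code and not part of the original message. The addresses (10.1.0.0/24 for SUBNET_A, 10.2.0.0/24 for SUBNET_B, 10.3.0.0/24 for SUBNET_C, 10.3.0.1 for interface C, "Serial0" for the serial interface) are constructed placeholders. The last scenario only shows what this simplified model predicts if the serial interface also carried "ip nat inside"; it does not model the full IOS order of operations around IPsec decryption, so treat it as an assumption to verify on the router, not as a confirmed fix.

```python
# Added example: simplified model of Cisco IOS "ip nat inside source" NAT domains.
# Constructed for illustration only; not Cisco code and not from the original post.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed placeholder prefixes standing in for SUBNET_A/B/C in the post.
SUBNET_A = ip_network("10.1.0.0/24")
SUBNET_B = ip_network("10.2.0.0/24")
SUBNET_C = ip_network("10.3.0.0/24")
HOST_A = ip_address("10.1.0.5")
HOST_B = ip_address("10.2.0.5")
HOST_C = ip_address("10.3.0.7")


@dataclass
class Router:
    # interface name -> NAT role: "inside", "outside" or None (no NAT role)
    nat_role: dict = field(default_factory=dict)
    # ACL 123 entries as (source network, destination network) pairs,
    # mirroring "access-list 123 permit ip SUBNET_B SUBNET_C"
    acl_123: list = field(default_factory=list)
    # Address used for overload (PAT), from
    # "ip nat inside source route-map NAT interface C overload"
    iface_addr: dict = field(default_factory=dict)
    overload_iface: str = "C"

    def acl_permits(self, src, dst):
        """Route-map NAT matches when ACL 123 permits the src/dst pair."""
        return any(src in s and dst in d for s, d in self.acl_123)

    def translate(self, ingress, egress, src, dst):
        """Return (source address after NAT, reason).

        Model of inside-source NAT: translation happens only when the packet
        enters an 'ip nat inside' interface, leaves an 'ip nat outside'
        interface, and the route-map's ACL matches. Anything else is untouched.
        """
        if self.nat_role.get(ingress) != "inside":
            return src, "no NAT: ingress interface has no 'ip nat inside'"
        if self.nat_role.get(egress) != "outside":
            return src, "no NAT: egress interface has no 'ip nat outside'"
        if not self.acl_permits(src, dst):
            return src, "no NAT: route-map NAT / ACL 123 does not match"
        return self.iface_addr[self.overload_iface], "PAT to interface C address"


def router_b():
    """Router B as configured in the post (serial interface has no NAT role)."""
    return Router(
        nat_role={"B": "inside", "C": "outside", "Serial0": None},
        acl_123=[(SUBNET_B, SUBNET_C)],
        iface_addr={"C": ip_address("10.3.0.1")},
    )


def flow_b_to_c():
    """Subnet B -> subnet C: enters B (inside), exits C (outside), ACL matches."""
    return router_b().translate("B", "C", HOST_B, HOST_C)


def flow_a_to_c_via_vpn():
    """Subnet A -> subnet C: decrypted tunnel traffic enters via Serial0."""
    return router_b().translate("Serial0", "C", HOST_A, HOST_C)


def flow_a_to_c_with_acl_line():
    """Same flow after adding 'access-list 123 permit ip SUBNET_A SUBNET_C'."""
    r = router_b()
    r.acl_123.append((SUBNET_A, SUBNET_C))  # the line the poster tried
    return r.translate("Serial0", "C", HOST_A, HOST_C)


def flow_a_to_c_serial_marked_inside():
    """Model prediction only (assumption): serial interface also 'ip nat inside'."""
    r = router_b()
    r.acl_123.append((SUBNET_A, SUBNET_C))
    r.nat_role["Serial0"] = "inside"
    return r.translate("Serial0", "C", HOST_A, HOST_C)


if __name__ == "__main__":
    for name, fn in [
        ("B -> C", flow_b_to_c),
        ("A -> C via VPN, original ACL", flow_a_to_c_via_vpn),
        ("A -> C via VPN, ACL line added", flow_a_to_c_with_acl_line),
        ("A -> C via VPN, Serial0 marked inside (model only)",
         flow_a_to_c_serial_marked_inside),
    ]:
        src, reason = fn()
        print(f"{name}: source {src} ({reason})")
```

The second and third scenarios reproduce the symptom in the post: the extra ACL line never gets a chance to match, because the ingress-interface check fails first. The translation decision is made per NAT domain, not per ACL, so editing ACL 123 alone cannot change the outcome.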
