Cisco VPN3030 Lan to lan NAT

Discussion in 'Cisco' started by Martin Bilgrav, Apr 27, 2005.

  1. Setup:
    ClientA -- NetA -- VPN3030 [email protected] FW-1NG -- NetB -- Server

    ClientA on NetA ( needs access NetB Server (Host=
    Via Lan to Lan tunnel set up between Cisco VPN3030 and a Checkpoint FW-1 NG.

    NetB Server (Host= subnet is also routed elsewhere on NetA.
    Also NetA subnet is routed locally on NetB
    I need "one-sided" NAT

    Here is what I have done:

    - Reserved an IP from local pool in VPN3030 IP=
    - Create L2L with Peer for FW-1, PSK, Local network= /32
    - Create L2L-NAT rule and enabled it:
    Source= Remote=
    - Add Static route towards public interface for

    This does not work. My guess is that the NAT rule is wrong, or that the
    terms source:trans - Remote mean something different than I imagine.

    Is it true that the above NAT rule means that 10 gets its source translated
    into 192.168 ?
    And how must I interpret the Remote ?

    What I want to do, is to have ClientA on NetA ( access the
    IP= and have this translated
    into, and then put this into the tunnel towards FW1-NG

    How can this be done in the VPN3030 ??

    Please comment ...

    Martin Bilgrav
