Cisco VPN3030 Lan to lan NAT

Discussion in 'Cisco' started by Martin Bilgrav, Apr 27, 2005.

  1. Setup:
    ClientA -- NetA -- VPN3030 [email protected] FW-1NG -- NetB -- Server

    Desc:
    ClientA on NetA (10.0.0.0/8) needs access to NetB Server (Host=172.16.0.1)
    via a LAN-to-LAN tunnel set up between Cisco VPN3030 and a Checkpoint FW-1 NG.

    Problem:
    NetB Server (Host=172.16.0.1) subnet is also routed elsewhere on NetA.
    Also NetA subnet is routed locally on NetB
    I need "one-sided" NAT

    Here is what I have done:

    - Reserved an IP from local pool in VPN3030 IP=192.168.100.100
    - Create L2L with Peer for FW-1, PSK, Local network=192.168.100.100/32,
      Remote=172.16.0.1/32
    - Create L2L-NAT rule and enabled it:
    Source=10.0.0.0/8:Trans=192.168.100.100/32 Remote=172.16.0.1/32
    - Add Static route towards public interface for 192.168.100.100/32


    This does not work. My guess is that the NAT rule is wrong, or that the
    terms source:trans - Remote mean something different than I imagine.

    Is it true that the above NAT rule means that 10 gets its source translated
    into 192.168 ?
    And how must I interpret the Remote?

    What I want to do is to have ClientA on NetA (10.0.0.0/8) access the
    IP=192.168.100.100/32 and have this translated into 172.16.0.1/32, and
    then put this into the tunnel towards FW1-NG.

    How can this be done in the VPN3030 ??


    Please comment ...

    Regards
    Martin Bilgrav
     