cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
fnbisson
New Contributor

NAT config with VPN

Jump to solution

Hi,

I now there are already some discussions for this topic but I still have some trouble to establish my VPN connection. I also already look at the NAT pool in AOS.

I need to establish a VPN connection from my office to a customer office. He gives me the subnet I need to use from my side and his side. The subnet he gives me is not the same as my local subnet. So I need to use NAT. There is my network setup.

My office

LAN 192.168.100.0 /24 ---> should be 10.154.135.0 /24 connecting to 10.120.134.0 /24

There is my config.

ip crypto

!

crypto ike policy 100

  initiate main

  respond anymode

  local-id address 10.154.135.25

  peer X.X.X.X

  attribute 1

    encryption aes-256-cbc

    authentication pre-share

    group 2

    lifetime 86400

!

crypto ike remote-id address 10.120.134.1 preshared-key blablabla ike-policy 100 crypto map VPN 10 no-mode-config no-xauth

!

crypto ipsec transform-set esp-aes-256-cbc-esp-sha-hmac esp-aes-256-cbc esp-sha-hmac

  mode tunnel

!

crypto map VPN 10 ipsec-ike

  description Tunnel

  match address VPN-10-vpn-selectors

  set peer X.X.X.X

  set transform-set esp-aes-256-cbc-esp-sha-hmac

  set security-association lifetime seconds 86400

  set pfs group2

  ike-policy 100

!

no ethernet cfm

!

interface loop 1

  ip address  10.154.135.25  255.255.255.0

  ip address range  10.154.135.1  10.154.135.24  255.255.255.0  secondary

  ip address range  10.154.135.26  10.154.135.254  255.255.255.0  secondary

  no shutdown

!

interface eth 0/1

  ip address dhcp

  ip access-policy Public

  crypto map VPN

  no shutdown

!

interface eth 0/2

  encapsulation 802.1q

  no shutdown

!

interface eth 0/2.20

  vlan-id 20 native

  ip address  192.168.100.25  255.255.255.0

  ip access-policy Private

  no shutdown

!

ip access-list standard wizard-ics

  remark Internet Connection Sharing

  permit any

!

ip access-list extended inside

  permit ip 192.168.100.0 0.0.0.255  10.120.134.0 0.0.0.255  

!     

ip access-list extended outside

  permit ip 10.120.134.0 0.0.0.255  10.154.135.0 0.0.0.255  

!

ip access-list extended self

  remark Traffic to NetVanta

  permit ip any  any     log

!

ip access-list extended VPN-10-vpn-selectors

  permit ip 10.154.135.0 0.0.0.255  10.120.134.0 0.0.0.255  

!

ip nat pool pool1 static

  local 192.168.100.1 192.168.100.254 global 10.154.135.1 10.154.135.254

!

ip policy-class Private

  allow list self self

  nat source list wizard-ics interface eth 0/1 overload

  nat source list inside pool pool1 policy Public

!

ip policy-class Public

  nat destination list outside pool pool1

Labels (3)
Tags (4)
0 Kudos
1 Solution

Accepted Solutions
Anonymous
Not applicable

Re: NAT config with VPN

Jump to solution

:

It appears you opened a ticket with ADTRAN Technical Support for assistance with this topic.  When you get a chance, will you please reply with the outcome?  Also, example two on page 8 of the Configuring NAT Pools in AOS explains the NAT over VPN application and provides an example configuration.

Levi

View solution in original post

2 Replies
Anonymous
Not applicable

Re: NAT config with VPN

Jump to solution

:

It appears you opened a ticket with ADTRAN Technical Support for assistance with this topic.  When you get a chance, will you please reply with the outcome?  Also, example two on page 8 of the Configuring NAT Pools in AOS explains the NAT over VPN application and provides an example configuration.

Levi

View solution in original post

Anonymous
Not applicable

Re: NAT config with VPN

Jump to solution

-

I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons.  If you have any additional information on this that others may benefit from, please come back to this post to provide an update.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.


Thanks,

Noor