VPN
Alex Plast, 2018-09-01 10:06:14

How to wrap traffic in NAT before IPSEC in Cisco?

The situation is as follows. I built a site-to-site IPSEC tunnel. The peer issued IP 172.16.197.100/32 to build the tunnel. His side is 212.XX.XX.XX. From the side of the local peer, the client pings my tunnel interface, which I brought up on a Loopback. Inside my local network, the service is on port 80 at the address 192.168.1.7. The client must receive a response from the web server. I tried NAT, but it doesn't work. How do I solve this?


2 answer(s)
gosha-z, 2018-09-01
@gosha-z

1. What specific equipment are we talking about?
2. So are we talking about IPSEC or ipsec-protected GRE? These are different things...

Strabbo, 2018-09-01
@Strabbo

1. On the loopback interface: ip nat outside
2. On the interface that looks towards 192.168.1.0/24: ip nat inside, plus use PBR of this type:

  route-map NEW_RM, permit, sequence 20
    Match clauses:
      ip address (access-lists): NEW_ACL
    Set clauses:
      interface Loopback250
  route-map NEW_RM, permit, sequence 25
    Match clauses:
    Set clauses:

In the ACL you specify permit ip 192.168.1.0 0.0.0.255 10.x.x.x + wildcard.
You apply the route map on the interface: ip policy route-map NEW_RM
Then enter: ip nat inside source list NEW_ACL interface Loopback250 overload
Port forward: ip nat inside source static tcp 192.168.1.7 80 172.16.197.100 80 extendable
PS Did it 100 years ago, didn't seem to miss anything.
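
The steps from the answer above, collected into one configuration-mode listing. This is an added example, not the answerer's own configuration. Assumptions: the LAN interface name GigabitEthernet0/1 and the ACL name CRYPTO_ACL are hypothetical, Loopback250 is taken to hold the peer-issued 172.16.197.100/32, IPsec is taken to be crypto-map based, and `<REMOTE_NET> <REMOTE_WILDCARD>` stands for the peer's 10.x.x.x network, which the thread does not give in full.

```cisco
! Added example: NAT applied before the IPsec crypto map (IOS).
! Interface names, CRYPTO_ACL and the <...> placeholders are assumptions.
!
interface Loopback250
 ! Assumed to carry the address issued by the peer
 ip address 172.16.197.100 255.255.255.255
 ip nat outside
!
interface GigabitEthernet0/1
 ! Hypothetical name for the interface facing 192.168.1.0/24
 ip nat inside
 ip policy route-map NEW_RM
!
! Traffic from the LAN to the remote side of the tunnel
ip access-list extended NEW_ACL
 permit ip 192.168.1.0 0.0.0.255 <REMOTE_NET> <REMOTE_WILDCARD>
!
! Sequence 20 pushes matching traffic through the NAT outside loopback;
! the empty sequence 25 leaves all other traffic to normal routing.
route-map NEW_RM permit 20
 match ip address NEW_ACL
 set interface Loopback250
route-map NEW_RM permit 25
!
! LAN hosts initiating towards the peer are hidden behind 172.16.197.100
ip nat inside source list NEW_ACL interface Loopback250 overload
! Peer connects to 172.16.197.100:80 and reaches the web server
ip nat inside source static tcp 192.168.1.7 80 172.16.197.100 80 extendable
!
! NAT runs before the crypto ACL is checked on the way out, so the
! crypto ACL has to match the translated address, not 192.168.1.0/24.
! If it still lists the LAN subnet, replies leave the router unencrypted
! or are dropped, which matches the "NAT doesn't work" symptom.
ip access-list extended CRYPTO_ACL
 permit ip host 172.16.197.100 <REMOTE_NET> <REMOTE_WILDCARD>
```

After a test connection from the peer, `show ip nat translations` should list the 192.168.1.7:80 to 172.16.197.100:80 entry, and the encaps/decaps counters in `show crypto ipsec sa` should both increase.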
