Answer the question
In order to leave comments, you need to log in
How to wrap traffic in NAT before IPSEC in Cisco?
The situation is the following. Built Site-To-Site IPSEC. The peer issued IP 172.16.197.100/32 to build the tunnel. From his side 212.XX.XX.XX. From the side of the local peer, the client pings my tunnel interface, which I raised on Loopback. Inside my locale, the service is on port 80 at the address 192.168.1.7. The client must receive a response from the web server. I tried NAT, it doesn't work. How to decide?
Answer the question
In order to leave comments, you need to log in
1. What specific equipment are we talking about?
2. So are we talking about IPSEC or ipsec-protected GRE? These are different things...
1. On the loopback interface > ip nat outside
2. On the interface that looks towards 192.168.1.0/24 ip nat inside+ use PBR of this type:
route-map NEW_RM, permit, sequence 20
Match clauses:
ip address (access-lists) : NEW_ACL
Set clauses:
interface Loopback250
route-map NEW_RM, permit, sequence 25
Match clauses:
Set clauses:
in ACL you specify permit ip 192.168.1.0 0.0.0.255 10.х.х.х + wildcard
you hang up route map on itnerface ip policy route -map NEW_RM
then hit ip nat inside source list NEW_ACL interface Loopback250 overload
port forward ip nat inside source static tcp 192.168.1.7 172.16.197.100 80 extendable
PS Did it 100 years ago, didn't seem to miss anything.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question