... darkrealms ...

Forums before death by AOL, social media and spammers... "We can't have nice things"

comp.dcom.vpn

VPN protocols, clients, awesomeness

2,348 messages

[ << oldest | < older | list | newer > | newest >> ]

Message 1,826 of 2,348

Crawl to All

Cisco VPN Concentrator and NAT

10 Nov 05 14:36:00

   From: crawl@clublouie.com   
      
   Ok here is the setup, I have a current VPN tunnel established to another   
   company using some other type of VPN appliance that is unable to do NAT.   
     The need access to part of our network that overlaps with theirs.   
   "Drawing" that might make no sense to anyone but me follows.   
      
   | Remote Company VPN Appliance | -> 10.0.0.0/24   
   x   
   x *VPN TUNNEL*   
   x   
   | Cisco VPN Concentrator | 10.1.0.0/16   
   *   
   *   
   *   
   | Local Network (10.1.0.0/16) |   
   *   
   * (DS1 To Remote)   
   *   
   | Remote Network (10.0.0.0/16) |   
      
   Ok so there is a machine in the remote network with the IP of   
   10.0.10.24/16 that we need the remote company to get at.  Obviously any   
   IP coming from the remote company will be local to "Remote Network" thus   
   I have to NAT it at our VPN Concentrator.  Here is what I have done.   
      
   1) Setup a Network List for the "Local Network" configuration of the   
   LAN-to-LAN VPN tunnel to include 10.1.0.0/16 and 10.0.10.0/24.   
   2) Setup a Network List for the "Remote Network" configuration of the   
   LAN-to-LAN tunnel to include 10.0.0.0/24 and 10.200.0.0/24 *see below*.   
   3) Setup a NAT in the LAN-to-LAN NAT rules to translate the source of   
   10.0.0.0.0/24 to 10.200.0.0/24 when the destination network is   
   10.0.10.24, this was setup as a static (one to one) mapping.   
      
   So as of now I can ping an IP address on the Remote Companies side   
   (10.0.0.24/24) from the "Local Network", however in theory (or my   
   theory) I should be able to ping 10.200.0.24 from the Remote Network of   
   10.0.10.0/24.  Did I do something wrong or am I completely off on this?   
      
   Thanks in advance.   
   Crawl   
      
   ----== Posted via Newsfeeds.Com - Unlimited-Unrestricted-Secure Usenet   
   News==----   
   http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+   
   Newsgroups   
   ----= East and West-Coast Server Farms - Total Privacy via Encryption =----   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)

[ << oldest | < older | list | newer > | newest >> ]