anon.ms anon ms it guy: more than break-fix

20 Nov 2009

Renaming a Network

Hey,

To make my life easier, I often set up site-to-site VPNs to the clients my own company looks after.

I sometimes set up site-to-site VPNs to the larger clients of my employer.

I encountered a problem recently where my Client's and my Employer's Client's subnets were the same: 192.168.0.0/24.

I knew what needed to be done, but whether or not it was possible I was not sure.

Basically I had two options:
1. Change the source as it left one of the clients, and change the destination on its way back
OR
2. Change my destination as it left my network, and change the source as it came back.

Even though I had full access to both Clients' routers, I thought it would be better if I did it on my own company's router. Option 2.

So, from my previous posts you will see that I particularly like Tunnel interfaces.

I did some research, and found I had to change my usual Tunnel interface and define it as an outside nat interface.

Example:
MyRouter(config)# interface Tunnel9
MyRouter(config-if)# ip unnumbered Vlan1
MyRouter(config-if)# ip nat outside
MyRouter(config-if)# tunnel source Dialer0
MyRouter(config-if)# tunnel destination A.A.A.A
MyRouter(config-if)# tunnel mode ipsec ipv4
MyRouter(config-if)# tunnel protection ipsec profile ipsecProfile

I then needed to define my rules for translation, plus a new route.

ip nat inside source static network 192.168.9.0 192.168.0.0 /24
ip nat outside source static network 192.168.0.0 192.168.9.0 /24
ip route 192.168.9.0 255.255.255.0 Tunnel9

Works perfectly, although I find the terms REALLY confusing!!!

Of course I will need a corresponding route on the remote router back to my network.

ip nat inside source static will change the SOURCE on its way OUT, and DESTINATION when it comes back in. (Compare this to a usual ip nat outside on a Dialer for internet sharing).
This seems counter-intuitive as the Tunnel interface is ip nat outside. When traffic goes out via the Tunnel, it is essentially going in->out, then why is the SOURCE not changed? The source will always be from my Vlan1, correct?

I can't explain this one. Any help is appreciated!
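To make the direction of each rule concrete, here is a small Python model of how IOS applies the two static network entries above to a packet in each direction (an added example, not code from the post). It assumes a Vlan1 subnet of 192.168.1.0/24, which the post does not give, and models the IOS order of operations: inside-to-outside traffic is routed on the untranslated destination and then translated, outside-to-inside traffic is translated first and then routed.

```python
from ipaddress import ip_address, ip_network

# The two rules from the post. Argument order follows IOS:
#   ip nat inside  source static network <local>  <global> /24
#   ip nat outside source static network <global> <local>  /24
INSIDE_SOURCE = {"local": ip_network("192.168.9.0/24"), "global": ip_network("192.168.0.0/24")}
OUTSIDE_SOURCE = {"global": ip_network("192.168.0.0/24"), "local": ip_network("192.168.9.0/24")}

# Routing table on MyRouter. The Vlan1 subnet is an assumption (not in the post);
# the Tunnel9 route is the "ip route 192.168.9.0 255.255.255.0 Tunnel9" line.
ROUTES = {ip_network("192.168.9.0/24"): "Tunnel9", ip_network("192.168.1.0/24"): "Vlan1"}


def remap(addr, from_net, to_net):
    """Move addr from one /24 to the other, keeping the host bits."""
    host = int(addr) - int(from_net.network_address)
    return ip_address(int(to_net.network_address) + host)


def route(dst):
    """Longest-match is irrelevant here: the two prefixes do not overlap."""
    for net, iface in ROUTES.items():
        if dst in net:
            return iface
    return None


def inside_to_outside(src, dst):
    """Vlan1 -> Tunnel9: route first (on the 192.168.9.x destination), then NAT."""
    src, dst = ip_address(src), ip_address(dst)
    egress = route(dst)
    if src in INSIDE_SOURCE["local"]:       # inside source: SOURCE local -> global
        src = remap(src, INSIDE_SOURCE["local"], INSIDE_SOURCE["global"])
    if dst in OUTSIDE_SOURCE["local"]:      # outside source: DESTINATION local -> global
        dst = remap(dst, OUTSIDE_SOURCE["local"], OUTSIDE_SOURCE["global"])
    return str(src), str(dst), egress


def outside_to_inside(src, dst):
    """Tunnel9 -> Vlan1: NAT first, then route on the translated destination."""
    src, dst = ip_address(src), ip_address(dst)
    if src in OUTSIDE_SOURCE["global"]:     # outside source: SOURCE global -> local
        src = remap(src, OUTSIDE_SOURCE["global"], OUTSIDE_SOURCE["local"])
    if dst in INSIDE_SOURCE["global"]:      # inside source: DESTINATION global -> local
        dst = remap(dst, INSIDE_SOURCE["global"], INSIDE_SOURCE["local"])
    return str(src), str(dst), route(dst)


if __name__ == "__main__":
    print(inside_to_outside("192.168.1.10", "192.168.9.20"))  # constructed Vlan1 host -> remote host
    print(outside_to_inside("192.168.0.20", "192.168.1.10"))  # the remote host's reply
```

With the rules exactly as written in the post, only the outside-source rule touches this flow: the inside-source rule's local network is 192.168.9.0/24, so a source from the assumed Vlan1 subnet never matches it and leaves untranslated.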

Also:

show ip nat translations will give:

Pro Inside global Inside local Outside local Outside global
--- ---           ---          192.168.9.0   192.168.0.0
--- 192.168.0.0   192.168.9.0  ---           ---