Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 4136 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Site to Site VPN needs to masquerade IP

bfulford
I have setup a Site to Site VPN with a partner but need to have our IP address masquerade as a different IP whenever traffic goes over the VPN to the partner. I cannot seem to find an intuitive way to accomplish this. Any help?


This thread was automatically locked due to age.
Parents
  • 0
    To resolve the same problem at a client site, I SNAT'd traffic from the VPN Pool (IPsec) to appear to be coming from the Internal (Address). I don't know how to do that with the Cisco, but I believe they have to solve the NAT problem on their end.

    If that's not possible, then I think you're stuck with redoing your internal addressing scheme so that there's no conflict.

    Then again, if it's just a clearly-defined set of devices/services, and you don't need the security of encrypted communications, they could do away with the VPN and just create a DNAT exclusive to your 66.x.x.x IP.

    Cheers - Bob
Reply
  • 0
    To resolve the same problem at a client site, I SNAT'd traffic from the VPN Pool (IPsec) to appear to be coming from the Internal (Address). I don't know how to do that with the Cisco, but I believe they have to solve the NAT problem on their end.

    If that's not possible, then I think you're stuck with redoing your internal addressing scheme so that there's no conflict.

    Then again, if it's just a clearly-defined set of devices/services, and you don't need the security of encrypted communications, they could do away with the VPN and just create a DNAT exclusive to your 66.x.x.x IP.

    Cheers - Bob
Children
  • 0 in reply to BAlfson
    To resolve the same problem at a client site, I SNAT'd traffic from the VPN Pool (IPsec) to appear to be coming from the Internal (Address). I don't know how to do that with the Cisco, but I believe they have to solve the NAT problem on their end.

    Cheers - Bob


    Are there any tricks beyond setting MASQ rules for the IPSEC VPN pool?

    I'm going to be setting up a S2S tunnel between home and work and because I have no control over our router I have to masq all VPN connections so the traffic appears to be coming from the Astaro. I'm already doing that with my SSL VPN setup and it works great.