1 to 1 nat

[djacobs38]

I have a client that needs 1 to 1 nat setup. The client is a branch doctors office. The doc's regularly go to the hospital for surgeries and need to connect back to the branch office for network resources. There is a VPN between the branch office and the hospital. The branch office has a cisco router, the hospital uses Juniper networks. A tech from the hospital contacted me and wants any traffic coming from the branch office to the hospital to look like it's coming from a 172.16.35.0/24 subnet. The branch office subnet is 192.168.32.0/24.

Does anyone have any sample configs of a similar setup?

 

[unclerico]

The feature you're looking for is called policy NAT and with IOS it isn't the easiest thing to accomplish mainly because the destination NAT (outside->inside) config requires static one-to-one configs while the source NAT (inside->outside) is very straight forward. If you want the doctors to be able to source traffic from the hospital network to the branch office you're going to need 1-to-1 mappings for each host. How many depends on the number of resources that need to be reached. If you could replace the router with an ASA the config is simplified by about 100x as policy NAT for ASA will essentially do subnet to subnet translation so host 192.168.1.1 will be translated to host 172.16.35.1, host 192.168.32.2 will be 172.16.35.2 and so on.