rubbaninja
MIS
Having troubles setting the LAN to LAN NAT rules.
Tunnel is up but the translation is not working.
Scenario:
Network B needs to access 2 hosts on Network A, but both networks use the same address space of the hosts. NAT needs to be in place.
Network A (my network)
Network B (remote network)
(LAN-to-LAN info)
Peer: 192.192.251.1 (their VPN concentrator)
Local Network: (uses the local list below)
Remote Network: 192.192.192.1
Local Host list
10.10.10.1/0.0.0.0
10.10.10.2/0.0.0.0
185.185.185.1/0.0.0.0
185.185.185.2/0.0.0.0
Configuration:
2 LAN-to-LAN NAT rules were configured on the Network A concentrator, one for each host; we used bogon addresses for the translated IPs, 185.185.185.1 and 2.
Destination: private IP addresses - 10.10.10.1 and 10.10.10.2 on Network A.
NAT rules are as follows:
[185.185.185.1/32 : 10.10.10.1/32]->192.192.192.1/32
[185.185.185.2/32 : 10.10.10.2/32]->192.192.192.1/32
The concentrator's inside interface is on a PIX DMZ (VPNDMZ) and the public interface is located in front of the firewall.
The PIX logs show connection attempts to 185.185.185.1 by 192.192.192.1, but they are being denied.
Log message shows:
Deny TCP SRC VPNDMZ:192.192.192.1/1205 dst outside:185.185.185.1/2068
Since the translation is being done on the VPN concentrator, I should not see the 185.185.185.1 address.
This leads me to believe that the translation is backwards or completely out of order. The VPN docs don't give examples I can really use or apply the concept to.
I have never configured LAN-to-LAN, let alone the NAT on the concentrator, so I am stumped!
If you need more information, I have plenty.
Thank You,
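Added example, not part of the original post and not vendor code: a Python check that reads the two NAT rules and the PIX deny line quoted above and reports denies where the firewall saw a translated address as the destination. It assumes the rule text reads `[translated : local]->remote`, as the post describes it; the function names are hypothetical and the second log line is constructed.

```python
import re
from ipaddress import ip_address, ip_network

# Rule text as written in the post; read here as [translated : local]->remote (assumption).
RULE_RE = re.compile(r"\[\s*(\S+)\s*:\s*(\S+)\s*\]\s*->\s*(\S+)")
# Deny line in the shape quoted in the post: interface:ip/port for src and dst.
DENY_RE = re.compile(
    r"Deny\s+(\w+)\s+src\s+(\S+?):([\d.]+)/(\d+)\s+dst\s+(\S+?):([\d.]+)/(\d+)",
    re.IGNORECASE)

def parse_rule(text):
    m = RULE_RE.search(text)
    if not m:
        raise ValueError(f"not a NAT rule: {text!r}")
    translated, local, remote = (ip_network(x, strict=False) for x in m.groups())
    return {"translated": translated, "local": local, "remote": remote}

def parse_deny(line):
    m = DENY_RE.search(line)
    if not m:
        return None  # not a deny line in the expected shape
    proto, s_if, s_ip, s_port, d_if, d_ip, d_port = m.groups()
    return {"proto": proto.upper(), "src_if": s_if, "src": ip_address(s_ip),
            "dst_if": d_if, "dst": ip_address(d_ip), "dst_port": int(d_port)}

def untranslated_hits(rules, log_lines):
    """Return (deny, rule) pairs where the remote peer's traffic was denied
    while still addressed to a rule's translated address."""
    hits = []
    for line in log_lines:
        deny = parse_deny(line)
        if deny is None:
            continue
        for rule in rules:
            if deny["src"] in rule["remote"] and deny["dst"] in rule["translated"]:
                hits.append((deny, rule))
    return hits

RULES = [parse_rule(r) for r in (
    "[185.185.185.1/32 : 10.10.10.1/32]->192.192.192.1/32",
    "[185.185.185.2/32 : 10.10.10.2/32]->192.192.192.1/32",
)]
LOGS = [
    "Deny TCP SRC VPNDMZ:192.192.192.1/1205 dst outside:185.185.185.1/2068",  # from the post
    "Deny TCP src VPNDMZ:192.192.192.1/1300 dst inside:10.10.10.2/2068",  # constructed
]

if __name__ == "__main__":
    for deny, rule in untranslated_hits(RULES, LOGS):
        print(f"{deny['src_if']} saw {deny['dst']}; rule maps it to {rule['local'].network_address}")
```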