From: Simon Baxter (Simon.Baxter@xxxxxxxxxxxxxx)
Date: Sun Feb 11 2001 - 01:57:27 GMT-3
I've read the "order of processing" information from CCO - before anyone
sends me it again....
Is this possible?
Company A has a network 10.0.0.0 with a connection to the internet.
Company B has a network that comprises of totally registered internet
addresses.
Company A and B decide to connect to eachother via an IPSec tunnel.
Company B selects a backbone router that will terminate the IPSec tunnel.
Company A wishes to both
1) Nat their private address range onto a public range
2) Terminate an IPSec tunnel to company B
NOTE: On the SAME router...
I've done multiple NAT + IPSec tunnels where both sides are natting and
IPSecing. Basically you define interesting traffic for encryption and
interesting traffic for NATing
something like this :
!
crypto map blobby
match ip add 101
!
ip nat in so route-map natter pool wolly
!
route-map natter perm 10
match ip add 102
!
acl 101 per ip 10.1.1.0 0.0.0.255 20.1.1.0 0.0.0.255
!
acl 102 per ip 11.0.0.0 0.255.255.255 21.0.0.0 0.255.255.255
But this example is natting some stuff and VPN tunnelling other stuff.
I want to know how to tunnel translated traffic when one box is doing the
tunneling and translating....
???
Simon
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:28:44 GMT-3