Re: ipsec issue from jack daniels on 2010-03-16 (Ccielab archives 03/2010)

From: jack daniels <jckdaniels12_at_gmail.com>
Date: Tue, 16 Mar 2010 18:37:05 +0530

Hi Ryan,

In my scenario Internet is working with NAT + I'm able to access remote
server ( IPSEC tunnel setup sucessfully ) ...

ISSUE IS -
monitoring team outside our network access a PC with IP as 2.2.2.5, which
they are not changing in their NMS.
But actually PC ip is 1.1.1.1 was earlier given IP 2.2.2.5.....
Now this PC has IP 1.1.1.1

how will this work now without impacting internet + IP SEC tunnel

1.1.1.1----- 1.1.1.2 ROUTER FA4 2.2.2.2-----2.2.2.1 ADSL ROUTER ---INTERNET
> ----------------------------------- ipsec termination - 5.5.5.5
>

On Tue, Mar 16, 2010 at 6:28 PM, Ryan West <rwest_at_zyedge.com> wrote:

> Jack,
>
> > -----Original Message-----
> > Sent: Tuesday, March 16, 2010 8:41 AM
> > To: Cisco certification
> > Subject: Re: ipsec issue
> >
> > Hi Guys to make it simple
> > 1.1.1.1----- 1.1.1.2 ROUTER FA4 2.2.2.2-----2.2.2.1 ADSL ROUTER
> ---INTERNET
> > ----------------------------------- ipsec termination - 5.5.5.5
> >
> > 1.1.1.1 needs acess via ipsec tunnel to 5.5.5.5
> > 1.1.1.1 needs to access internet also
> >
> > These things are happening
> >
> >
> > with my config
> >
> >
> > BUT ISSUE IS SOMEONE FROM OUTSIDE NEEDS TO CONNECT TO 1.1.1.1 , BUT HE
> will
> > give the IP IN HIS PC FOR CONNECTION as 2.2.2.5<<<<<<<<
> >
> >
> >
> >
> > PLEASE SUGGEST ANY SOLUTION FOR SAME.<<<<<<<<<<<<<<<<<<<<<<<<<<<
> >
> >
> >
> > and when for this I put static nat
> >
> > ip nat inside source static 1.1.1.1 2.2.2.5
> > ISSUE - but when I recreate IPSEC tunnel by clearing it doesnt come up.
> >
> >
> > PLEASE SUGGEST ANY SOLUTION FOR SAME.
> >
> >
>
> First of all, I can't really figure out what you're talking about, but it
> sounds like you're on a paid gig and freaking out about a problem you can't
> fix. I think you had the problem figured out earlier when you were using a
> route-map based ip nat inside source static command. You trying to fix a
> basic issue with IPSec tunnels, interesting traffic with static NAT's and
> what to make as part of your NAT exempt rules.
>
> Try looking at the abundance of threads on Cisco's support forum:
>
>
> https://supportforums.cisco.com/thread/2002986;jsessionid=6B06ACA79DFCABC84D093A1ADFDB4CB2.node0
>
> -ryan

Blogs and organic groups at http://www.ccie.net
Received on Tue Mar 16 2010 - 18:37:05 ART

This archive was generated by hypermail 2.2.0 : Thu Apr 01 2010 - 07:26:35 ART