one to one nat / VPN
I am needing to configure a VPN tunnel with another vendor but we have an IP address conflict.. I am trying to use ONE TO ONE nat to overcome, but I can't seem to get it quite right. I can get the VPN setup and the ONE TO ONE NAT to function where the device I need to communicate with will indeed communicate over the VPN, but it can't get to the INTERNET while the NAT is enabled. Here is the setup...
WAN: 164.58.5.202 (probably irrelevant)
PRIMARY LAN: 172.16.2.1
LOCAL DEVICE on LAN: 172.16.2.5
REMOTE SUBNET I need to access over VPN: 10.181.75.0/27 and Specific device: 10.181.75.11
The vendor has a problem / conflict with our 172.16.2.1 LAN, so they asked if we could NAT using the 10.144.162.0 / 27 subnet.
Seems ok.. here is what I have done:
1. Setup a second LAN on my router with 10.144.162.0/27 with IP on router of 19.144.162.1 and VLAN of 162
2. Setup a VPN tunnel to the vendor using my LOCAL SUBNET as 10.144.162.0 / 27 (VPN establishes OK)
VPN settings show LOCAL NETWORK: 10.144.162.0 /27 and REMOTE NETWORK: 10.181.75.0 / 27
3. Setup a One to One NAT with following
INTERFACE: WAN
Original IP: 172.16.2.5
Translated IP: 10.144.162.11 (this is the IP the vendor wants to talk to)
When I ENABLE this NAT rule, the 172.16.2.5 can PING the 10.181.75.11 device on the other side of the VPN
And the 10.181.75.11 can ping back to the 172.16.2.5
However, the 172.16.2.5 can't ping out to the internet.
It can ping other devices on the 172.16.2.0 LAN.
If I DISABLE that NAT, then it can ping out to the internet, but of course can't ping the remote device on the VPN.
What did I miss?
Thanks
Brandon
I am needing to configure a VPN tunnel with another vendor but we have an IP address conflict.. I am trying to use ONE TO ONE nat to overcome, but I can't seem to get it quite right. I can get the VPN setup and the ONE TO ONE NAT to function where the device I need to communicate with will indeed communicate over the VPN, but it can't get to the INTERNET while the NAT is enabled. Here is the setup...
WAN: 164.58.5.202 (probably irrelevant)
PRIMARY LAN: 172.16.2.1
LOCAL DEVICE on LAN: 172.16.2.5
REMOTE SUBNET I need to access over VPN: 10.181.75.0/27 and Specific device: 10.181.75.11
The vendor has a problem / conflict with our 172.16.2.1 LAN, so they asked if we could NAT using the 10.144.162.0 / 27 subnet.
Seems ok.. here is what I have done:
1. Setup a second LAN on my router with 10.144.162.0/27 with IP on router of 19.144.162.1 and VLAN of 162
2. Setup a VPN tunnel to the vendor using my LOCAL SUBNET as 10.144.162.0 / 27 (VPN establishes OK)
VPN settings show LOCAL NETWORK: 10.144.162.0 /27 and REMOTE NETWORK: 10.181.75.0 / 27
3. Setup a One to One NAT with following
INTERFACE: WAN
Original IP: 172.16.2.5
Translated IP: 10.144.162.11 (this is the IP the vendor wants to talk to)
When I ENABLE this NAT rule, the 172.16.2.5 can PING the 10.181.75.11 device on the other side of the VPN
And the 10.181.75.11 can ping back to the 172.16.2.5
However, the 172.16.2.5 can't ping out to the internet.
It can ping other devices on the 172.16.2.0 LAN.
If I DISABLE that NAT, then it can ping out to the internet, but of course can't ping the remote device on the VPN.
What did I miss?
Thanks
Brandon


