IPsec with Cisco and NAT problem

meth · April 12, 2011, 1:30pm

Hi there, i just made an ipsec with cisco router but i have some problem with NAT.
my local address is 192.9.200.0/24 (this subnet is given from vendor and cant change it)

on ip sec IP policy src address is 10.0.248.0/24 and dst address is x.138.39.16/29
on firewalling is
add action=accept chain=srcnat comment=Siem disabled=no dst-address=
x.138.39.16/29 src-address=10.0.248.0/24
add action=accept chain=srcnat comment=“” disabled=no dst-address=
10.0.248.0/24 src-address=x.138.39.16/29

must be ok for the firewall to accept to and from traffic.

now what i need to do is to translate all cisco incoming traffic 10.0.248.110 to 192.9.200.110 and opposite (cisco needs to reach the 10.0.248.0/24 traffic and not the 192.9.200.0/24)
on cisco the syntax is:
ip nat inside source static 192.9.200.110 10.0.248.110

I have try some nat examples from the wiki but nothing happens. I am not sure if is nat problem or firewall problem.
P.S no one interface has the 10.0.248.0/24 ip
Any idea?

meth · April 13, 2011, 11:16am

Any Help?

duvi · April 13, 2011, 12:19pm

Could you draw a network map including devices, ip addresses, ports, etc?

meth · April 13, 2011, 3:44pm

Tnx for reply,

the configuration is very simple.
on ether10 (rb 1100) is the 192.9.200.0/24 network which has 2 pc’s with 192.9.200.110 and 192.9.200.111
but the tunnel sharing the remote address which is on the first post and my local 10.0.248.0/24
the 10.0.248.0/24 is given nowhere in my router so i need to translate all requests to 10.0.248.110 and 10.0.248.111 to 192.9.200.110 and 111 as well. I am not sure if must be given 10.0.248.0./24 as second ip in eth10 or just the NAT doing this job.