Community discussions

MikroTik App
 
meth
newbie
Topic Author
Posts: 25
Joined: Tue Jan 17, 2006 7:24 pm
Location: Creta-Greece

IPsec with Cisco and NAT problem

Tue Apr 12, 2011 4:30 pm

Hi there, i just made an ipsec with cisco router but i have some problem with NAT.
my local address is 192.9.200.0/24 (this subnet is given from vendor and cant change it)

on ip sec IP policy src address is 10.0.248.0/24 and dst address is x.138.39.16/29
on firewalling is
add action=accept chain=srcnat comment=Siem disabled=no dst-address=\
x.138.39.16/29 src-address=10.0.248.0/24
add action=accept chain=srcnat comment="" disabled=no dst-address=\
10.0.248.0/24 src-address=x.138.39.16/29

must be ok for the firewall to accept to and from traffic.

now what i need to do is to translate all cisco incoming traffic 10.0.248.110 to 192.9.200.110 and opposite (cisco needs to reach the 10.0.248.0/24 traffic and not the 192.9.200.0/24)
on cisco the syntax is:
ip nat inside source static 192.9.200.110 10.0.248.110

I have try some nat examples from the wiki but nothing happens. I am not sure if is nat problem or firewall problem.
P.S no one interface has the 10.0.248.0/24 ip
Any idea?
 
meth
newbie
Topic Author
Posts: 25
Joined: Tue Jan 17, 2006 7:24 pm
Location: Creta-Greece

Re: IPsec with Cisco and NAT problem

Wed Apr 13, 2011 2:16 pm

Any Help?
 
duvi
Frequent Visitor
Frequent Visitor
Posts: 70
Joined: Fri Jun 05, 2009 12:32 pm
Contact:

Re: IPsec with Cisco and NAT problem

Wed Apr 13, 2011 3:19 pm

Could you draw a network map including devices, ip addresses, ports, etc?
 
meth
newbie
Topic Author
Posts: 25
Joined: Tue Jan 17, 2006 7:24 pm
Location: Creta-Greece

Re: IPsec with Cisco and NAT problem

Wed Apr 13, 2011 6:44 pm

Tnx for reply,

the configuration is very simple.
on ether10 (rb 1100) is the 192.9.200.0/24 network which has 2 pc's with 192.9.200.110 and 192.9.200.111
but the tunnel sharing the remote address which is on the first post and my local 10.0.248.0/24
the 10.0.248.0/24 is given nowhere in my router so i need to translate all requests to 10.0.248.110 and 10.0.248.111 to 192.9.200.110 and 111 as well. I am not sure if must be given 10.0.248.0./24 as second ip in eth10 or just the NAT doing this job.

Who is online

Users browsing this forum: BergDev, erlinden, pogr, simplextech, sindy and 114 guests