is it possible to setup site-to-site vpn with NAT on one side?

mrblackmamba343mrblackmamba343 Inactive Imported Users Posts: 136
in CCNP Security
I'm just curios? They have their remote devices configured for a pool of public IP's. Is a site-to-site VPN possible when one side is using a nat pool to get out? They need access to one of our servers we really don't need access to anything they have. They don't want me creating an access list to their private IP. They want to use the dynamic NAT translated address
· Share on FacebookShare on Twitter

Comments

  • AhriakinAhriakin Member Posts: 1,799 ■■■■■■■■□□
    Yup, shouldn't be a problem.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
    · Share on FacebookShare on Twitter
  • mrblackmamba343mrblackmamba343 Inactive Imported Users Posts: 136
    so I suppose I create an access list permitting our private ip to their public ip pools for the crypto map?
    And on their end they create an access list permitting their public ip pool to our private network?
    · Share on FacebookShare on Twitter
  • mrblackmamba343mrblackmamba343 Inactive Imported Users Posts: 136
    tested this on my home lab and it seems to be working. Hopefully it works when I deploy it in the real world
    · Share on FacebookShare on Twitter
  • AhriakinAhriakin Member Posts: 1,799 ■■■■■■■■□□
    A VPN doesn't care if the traffic is public or privately addressed, they're all just packets to be encapsulated.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
    · Share on FacebookShare on Twitter
Sign In or Register to comment.