Hi,
I am working on a scenario where the requirement is to NAT a single IP address (172.0.0.0/32) while other private networks (10.0.0.0/8) are allowed to traverse an IKEv2 VTI route-based tunnel un-NAT'd.
Not really sure how to accomplish this and was hoping someone familiar with this kind of setup could give me some clarification on it.
My initial thought was to configure a NAT pool, ACL, inside source list or route-map and throw an ip nat inside on the tunnel interface, like this:
! NAT pool (IOS keyword is "ip nat pool"; start and end addresses must be complete)
ip nat pool GLOBAL 192.168.1.10 192.168.1.11 netmask 255.255.255.252
ip nat inside source list SINGLEIP pool GLOBAL
! Extended ACL entries need protocol, source and destination
ip access-list extended SINGLEIP
 permit ip host 172.16.1.1 any
 deny ip any any
interface Tunnel1
 ip nat inside
However, won't the "ip nat inside" on the tunnel interface deny the other private traffic (10.0.0.0/8) destined for the tunnel?
That's where I find my lack of clarity and need some knowledge. Thanks.
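As an added example configuration (not the poster's own config) to show the point the question turns on: with `ip nat inside source list`, only packets that match the ACL are translated, and everything else from the inside crosses the same tunnel with its real source address. It assumes GigabitEthernet0/0 is the LAN-facing interface and places the NAT boundary with the LAN as "inside" and the VTI as "outside"; pool, ACL and host address are taken from the post.

```cisco
! Added example; assumes Gi0/0 is the LAN interface and Tunnel1 is the IKEv2 VTI.
!
! Pool for the single host (the pool syntax needs a start and an end address).
ip nat pool GLOBAL 192.168.1.10 192.168.1.11 netmask 255.255.255.252
!
! Only packets matching this ACL are translated. 10.0.0.0/8 traffic does not
! match, so it is forwarded through the tunnel untranslated.
ip access-list extended SINGLEIP
 permit ip host 172.16.1.1 any
 deny   ip any any
!
ip nat inside source list SINGLEIP pool GLOBAL
!
! Interface roles define the NAT domain: a packet is a translation candidate
! only when it crosses from an "inside" interface to an "outside" one. Marking
! the tunnel "outside" does not block non-matching traffic from using it.
interface GigabitEthernet0/0
 ip nat inside
!
interface Tunnel1
 ip nat outside
```

After generating traffic from both sources, `show ip nat translations` should list an entry for 172.16.1.1 only, while 10.0.0.0/8 flows appear unchanged on the far side of the tunnel.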