Introduction
This document provides a networking example that simulates two merging companies with the same IP addressing scheme. Two routers are connected with a VPN tunnel, and the networks behind each router are the same. For one site to access hosts at the other site, Network Address Translation (NAT) is used on the routers to change both the source and the destination addresses to different subnets.
Note: This configuration is not recommended as a permanent setup because it would be confusing from a network management standpoint.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
The information in this document is based on these software and hardware versions:
- Router A: Cisco 3640 router running Cisco IOS® Software Release 12.3(4)T
- Router B: Cisco 2621 router running Cisco IOS® Software Release 12.3(5)
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Conventions
For more information on document conventions, refer to Cisco Technical Tips Conventions.
Background Information
In this example, when host 172.16.1.2 at Site A accesses the same IP-addressed host at Site B, it connects to a 172.19.1.2 address rather than to the actual 172.16.1.2 address. When the host at Site B to accesses Site A, it connects to a 172.18.1.2 address. NAT on Router A translates any 172.16.x.x address to look like the matching 172.18.x.x host entry. NAT on Router B changes 172.16.x.x to look like 172.19.x.x.
The crypto function on each router encrypts the translated traffic across the serial interfaces. Note that NAT occurs before encryption on a router.
Note: This configuration only allows the two networks to communicate. It does not allow for Internet connectivity. You need additional paths to the Internet for connectivity to locations other than the two sites; in other words, you need to add another router or firewall on each side, with multiple routes configured on the hosts.
Configure
In this section, you are presented with the information to configure the features described in this document.
Note: To find additional information on the commands used in this document, use the Command Lookup Tool (registered customers only) .
Network Diagram
This document uses this network setup:
Configurations
This document uses these configurations:
Router A |
---|
Current configuration : 1404 bytes |
Router B |
---|
Current configuration : 1255 bytes |
Verify
This section provides information you can use to confirm your configuration is working properly.
Certain show commands are supported by the Output Interpreter Tool (registered customers only) , which allows you to view an analysis of show command output.
- show crypto ipsec sa—Shows the phase 2 security associations.
- show crypto isakmp sa—Shows the phase 1 security associations.
- show ip nat translation—Shows the current NAT translations in use.