Is it Possible to NAT an IP on a Site2Site VPN and hairpin another site?

Hello, 
I have the following configuration setup and working i.e. I can ping from Peer 1, host 172.16.4.205 to Peer 3, host 10.1.10.10. 
What i would like to do is translate Peer 1 host 172.16.4.205 to 172.16.16.205 in the core (Peer 2) and have it forward to Peer 3 with the translated IP and revers as highlighted in the diagram. 
Is this possible? HOW? 
As always thank you in advance for any help.  

brigam38 wrote:
When you do that "Transfer Purchases" thing on the computer does that transfer the apps?
see this post by Zevoneer.

Similar Messages

  • Is it possible to sign a PDF file, make some changes, and add another signature?

    For example, if you create a test plan, sign off on it, fill it in electronically, and need to sign the "filled in version" too? It would be good to be able to create a document that gets signed off, that then can be added to, and then the addition also signed. I'm not sure if I'm making myself clear. We could use the certify feature, maybe, but we need to have multiple people sign-off on a file the first time before it's used. Then we want someone to use the info/add comments/maybe complete a form (we haven't worked that out) and have them sign that they completed it.
    Thank you.

    Yes you can with restrictions. You need to create your original PDF in such a way that you may make certain changes after it is signed. The easiest way to do it is to certify the original PDF with certain permissions. Acrobat Pro UI provides certain combinations of such permissions. Adobe LiveCycle provides more granular combinations of permissions but this is an expensive solution. Try first what Acrobat Pro UI gives you and see if it gets you want you need. You may apply as many modifications and signatures to the document as long as they conform to the certification permissions. The last signer can also lock his signature which disallows further modifications and signing.

  • Is this possible: SNC connection from SAP GUI to SAP Router, and ...

    Hi,
    I have (stupid perhaps) question.
    Is this scenario possible:
    SNC connection from SAP GUI to SAP Router, and non-SNC connection from SAP Router to SAP System.
    I know how to set up scenario like this:
    SAP System --- (non-SNC conn) --- saprouter1 --- (SNC conn) --- saprouter2 --- (non-SNC conn) --- SAP GUI.
    Best regards,
    Marek Majchrowski

    Wolfgang,
    To be sure myself and Marek understand, can you confirm the different scenarios supported:
    Scenario 1:
    SAP GUI --- (non SNC conn) --- saprouter1 --- (SNC conn) --- saprouter2 --- (non-SNC conn) --- SAP System
    With this scenario, it would be possible for a user to logon using SAP GUI onto the SAP System, but without SAP GUI SNC.
    Scenario 2:
    SAP GUI --- (SNC conn) --- saprouter1 --- (non SNC conn) --- saprouter2 --- (SNC conn) --- SAP System
    With this scenario it would be possible to logon to the SAP System using SAP GUI, and using SNC authentication.
    Also, with this scenario the SAP GUI software and SAP System software would consider this to be similar to:
    SAP GUI -- (SNC conn) -- SAP System
    Scenario 3:
    This is the scenario mentioned by Marek in his initial question:
    SAP GUI -- (SNC conn) -- saprouter1 -- (non SNC conn) -- SAP System
    With this scenario it will not be possible to logon to SAP System using SNC, and only possible if the SAP GUI is configured to not use SNC. In other words the SNC connection between SAP GUI and saprouter1 is available, but cannot be used.
    Thanks,
    Tim
    Edited by: Tim Alsop on Feb 25, 2008 5:24 PM

  • IpSec VPN and NAT don't work togheter on HP MSR 20 20

    Hi People,
    I'm getting several issues, let me explain:
    I have a Router HP MSR with 2 ethernet interfaces, Eth 0/0 - WAN (186.177.159.98) and Eth 0/1 LAN (192.168.100.0 /24). I have configured a VPN site to site thru the internet, and it works really well. The other site has the subnet 10.10.10.0 and i can reache the network thru the VPN Ipsec. The issue is that the network 192.168.100.0 /24 needs to reach internet with the same public address, so I have set a basic NT configuration, when I put the nat configuration into Eth 0/0 all network 192.168.100.0 can go to internet, but the VPN goes down, when I remove the NAT from Eth 0/0 the VPN goes Up, but the network 192.168.100.0 Can't go to internet.
    I'm missing something but i don't know what it is !!!!, See below the configuration.
    Can anyone help me qith that, I need to send te traffic with target 10.10.10.0 thru the VPN, and all other traffic to internet, Basically I need that NAT and VPN work fine at same time.
    Note: I just have only One public Ip address.
    version 5.20, Release 2207P41, Standard
    sysname HP
    nat address-group 1 186.177.159.93 186.177.159.93
    domain default enable system
    dns proxy enable
    telnet server enable
    dar p2p signature-file cfa0:/p2p_default.mtd
    port-security enable
    acl number 2001
    rule 0 permit source 192.168.100.0 0.0.0.255
    rule 5 deny
    acl number 3000
    rule 0 permit ip source 192.168.100.0 0.0.0.255 destination 10.10.10.0 0.0.0.255
    vlan 1
    domain system
    access-limit disable
    state active
    idle-cut disable
    self-service-url disable
    ike proposal 1
    encryption-algorithm 3des-cbc
    dh group2
    ike proposal 10
    encryption-algorithm 3des-cbc
    dh group2
    ike peer vpn-test
    proposal 1
    pre-shared-key cipher wrWR2LZofLx6g26QyYjqBQ==
    remote-address <Public Ip from VPN Peer>
    local-address 186.177.159.93
    nat traversal
    ipsec proposal vpn-test
    esp authentication-algorithm sha1
    esp encryption-algorithm 3des
    ipsec policy vpntest 30 isakmp
    connection-name vpntest.30
    security acl 3000
    pfs dh-group2
    ike-peer vpn-test
    proposal vpn-test
    dhcp server ip-pool vlan1 extended
    network mask 255.255.255.0
    user-group system
    group-attribute allow-guest
    local-user admin
    password cipher .]@USE=B,53Q=^Q`MAF4<1!!
    authorization-attribute level 3
    service-type telnet
    service-type web
    cwmp
    undo cwmp enable
    interface Aux0
    async mode flow
    link-protocol ppp
    interface Cellular0/0
    async mode protocol
    link-protocol ppp
    interface Ethernet0/0
    port link-mode route
    nat outbound 2001 address-group 1
    nat server 1 protocol tcp global current-interface 3389 inside 192.168.100.20 3389
    ip address dhcp-alloc
    ipsec policy vpntest
    interface Ethernet0/1
    port link-mode route
    ip address 192.168.100.1 255.255.255.0
    interface NULL0
    interface Vlan-interface1
    undo dhcp select server global-pool
    dhcp server apply ip-pool vlan1

    ewaller wrote:
    What is under the switches tab?
    Oh -- By the way, that picture is over the size limit defined in the forum rules in tems of pixels, but the file size is okay.  I'll let it slide.  Watch the bumping as well.
    If you want to post the switches tab, upload it to someplace like http://img3.imageshack.us/, copy the thumbnail (which has the link to the original)  back here, and you are golden.
    I had a bear of a time getting the microphone working on my HP DV4, but it does work.  I'll look at the set up when I get home tonight [USA-PDT].
    Sorry for the picture and the "bumping"... I have asked in irc in arch and alsa channels and no luck yet... one guy from alsa said I had to wait for the alsa-driver-1.0.24 package (currently I have alsa-driver-1.0.23) but it is weird because the microphone worked some months ago...
    So here is what it is under the switches tab

  • I just bought my macbook pro and it's charged up to 100% and is still plugged in but now shows the battery at 98%.  How is this possible when it's plugged in to the charger and the green light is on?

    I just bought my macbook pro and it's charged up to 100% and is still plugged in but now shows the battery at 98%.  How is this possible when it's plugged in to the charger and the green light is on?

    The system regularly lets the battery drop to about 95% when on the charger, then recharges to 100%.  This lets the batery exercise "just a little" all of the time and saves the recharge curcuits from overuse.
    Regualr occurence for me.
    Also ... you need to let your battery work at least once per month.  Let it run down to 40%, but not less if you can at all avoid it.  Running thr battery fully dead will shorten the battery life significantly.

  • Cisco ASA Site to Site IPSEC VPN and NAT question

    Hi Folks,
    I have a question regarding both Site to Site IPSEC VPN and NAT. Basically what I want to achieve is to do the following:
    ASA2  is at HQ and ASA1 is a remote site. I have no problem setting up a  static static Site to Site IPSEC VPN between sites. Hosts residing at  10.1.0.0/16 are able to communicate with hosts at 192.168.1.0/24, but  what i want is to setup NAT with IPSEC VPN so that host at 10.1.0.0/16  will communicate with hosts at 192.168.1.0/24 with translated addresses
    Just an example:
    Host N2 (10.1.0.1/16) will communicate with host N1 192.168.1.5 with  destination lets say 10.23.1.5 not 192.168.1.5 (Notice the last octet  should be the same in this case .5)
    The same  translation for the rest of the communication (Host N2 pings host N3  destination ip 10.23.1.6 not 192.168.1.6. again last octet is the same)
    It sounds a bit confusing for me but i have seen this type of setup  before when I worked for managed service provider where we had  connection to our clients (Site to Site Ipsec VPN with NAT, not sure how  it was setup)
    Basically we were communicating  with client hosts over site to site VPN but their real addresses were  hidden and we were using translated address as mentioned above  10.23.1.0/24 instead of (real) 192.168.1.0/24, last octet should be the  same.
    Appreciate if someone can shed some light on it.

    Hi,
    Ok so were going with the older NAT configuration format
    To me it seems you could do the following:
    Configure the ASA1 with Static Policy NAT 
    access-list L2LVPN-POLICYNAT permit ip 192.168.1.0 255.255.255.0 10.1.0.0 255.255.0.0
    static (inside,outside) 10.23.1.0 access-list L2LVPN-POLICYNAT
    Because the above is a Static Policy NAT it means that the translation will only be done when the destination network is 10.1.0.0/16
    If you for example have a basic PAT configuration for inside -> outside traffic, the above NAT configuration and the actual PAT configuration wont interfere with eachother
    On ASA2 side you can normally configure NAT0 / NAT Exemption for the 10.1.0.0/16 network 
    access-list INSIDE-NONAT remark L2LVPN NONAT
    access-list INSIDE-NONAT permit ip 10.1.0.0 255.255.0.0 10.23.1.0 255.255.255.0
    nat (inside) 0 access-list INSIDE-NONAT
    You will have to take into consideration that your access-list defining the L2L-VPN encrypted traffic must reflect the new NAT network 
    ASA1: access-list L2LVPN-ENCRYPTIONDOMAIN permit ip 10.23.1.0 255.255.255.0 10.1.0.0 255.255.0.0
    ASA2: access-list L2LVPN-ENCRYPTIONDOMAIN permit ip 10.1.0.0 255.255.0.0 10.23.1.0 255.255.255.0
    I could test this setup tomorrow at work but let me know if it works out.
    Please rate if it was helpful
    - Jouni

  • Setting up Site-to-Site VPN and nat on IOS

    I have a senario I am looking to setup. I have a Cisco 3825 router that handles roughly 50 site-to-site VPN's. I have a particular VPN where I would like to nat (actually overload) off an interface for a specific VPN site-to-site tunnel. I know when you are doing nat you of course have an inside and an outside interface which I do on the router but how would you overload (pat) on an interface for just a specific VPN tunnel? Say you wanted to overload your entire internal supernet to a single private (RFC 1918) interface addess? Typically the outside interface (nat outside) what you would overload off of has a public ip address, but in this case you want to use a private RFC 1918 address as the source of the overload interface?
    Any help is appreciated.

    hi ,
    did you think of using a normal statment and use a route map with that statment that only permit the VPN traffic to be natted using that statment and deny any other translation , and for the crypto access-list you should use the source as the pattted ip address and the destination as the the remote proxies .
    regards.

  • HT204053 Good Morning, I have 2 Apple Account, will be possible to integrate each other in one account ? And if is possible, How can I do that ? Thanks, Fabio.

    Good Morning, I have 2 Apple Account, will be possible to integrate each other in one account ? And if is possible, How can I do that ? Thanks, Fabio.

    You don't have to do anything with the first iPod that you don't use anymore. If you are planning on keeping it, put in a drawer in your house and forget about it.
    You don't need a second account to use with the new iPod. I use one Appl e ID and iTunes library for two iPods, and two iPad. I have different content on all four devices. You can select exactly what you want to sync to each device and it can be different content on all devices.

  • Is it possible to restrict the user from creating a sibling and allow him to ONLY create child nodes in DRM?

    When in a hierarchy, a user right clicks on a node to crate a new node, he has two options
    -Child
    -Sibling
    Is it possible to restrict the user from creating a sibling and allow him to ONLY create child nodes?
    Business cases:
    1. different level nodes need to have different prefixes.
    - Thus, the default prefix property definition uses the level number to assign a prefix
    - Also, a validation, to ensure the correct prefix, uses the level number
    But if the user can create a child and a sibling then the default prefix will only be right for a single case and not both.
    Thanks

    If the images are exactly the same size then make sure the layer with the mask
    is the active layer and in the other documents go to Select>Load Selection and choose
    your document with the layer mask under Source document and under channel choose the layer mask.
    After the selection loads press the layer mask icon at the bottom of the layers panel.
    MTSTUNER

  • Is it possible to connect a mac book pro via thunderbolt and a dvi switchbox (multiple computers) to a thunderbolt display?

    Hi,
    I'm planning to buy a thunderbolt display.Since I have not only apple computers with a thunderbolt port I wonder if it's possible to connect my mac book pro via thunderbolt and a DVI switchbox via a "mini displayport to DVI connector" to the thunderbolt display at the same time. Thunderbolt is a bus architecture. Thus there must be an ingoing and an outgoing port on the display. The rearview of the display I've seen so far don't show this:
    If this is not possible then I must question the market chances of this product. Seems as if the product marketing guys exaggerated the launch of the thunderbolt technology.
    -ais-swiss

    ais-swiss wrote:
    How to connect windows laptop (vga) to thunderbolt display?
    AHHH??!!!!!!  Was that your original question??   I assumed you were trying to output FROM your computer (MacBook Pro w/ Thunderbolt) to the new display and then OUT to be the video source to a DVI switcher.
    MB Pro w/TB ---> TB Display ---> mDP-to-DVI adapter ---> DVI switcher
    So it seems as if it's not possible to use the thunderbolt display with the mini display port adapter to DVI you've mentioned.
    I did not understand that you were trying to use other PC's into a switcher and then THAT Video source to connect INTO the TB display.   If THAT is what you're trying to do, then NO....  You can NOT use the new TB Display to be used to display "FROM" a DVI switcher (and also can NOT be used to display from other Non-TB-Apple computers).
    I've also called apple. The statement was that one needs a computer with osx 10.6.x in order to connect the thunderbolt display. That makes it impossible to hook a windows pc or older mac to the new and shiny thunderbolt display.
    I wonder why apple doesn't state this in their technical descriptions...?
    -ais-swiss
    Actually, the state that information all over the Tech Specs on the Apple Store website.
    http://store.apple.com/us/product/MC914LL/A?mco=MTY3ODQ5OTY
    Here are two different statements from that webpage:
    So yes.... other NON-Apple PC's (or non-TB devices) do Not have the Thunderbolt technology (hardware/software) to be able to communicate with the TB display or other TB devices.

  • I have a mid 2010 Macbook Pro running Snow Leopard and foolishly upgraded to Yosemite.  Is it possible to go back in time with Time Machine and reinstall Snow Leopard.  Then upgrade to Lion or Mavericks?  Any other ideas on how I can exit Yosemite?

    I have a mid 2010 Macbook Pro running Snow Leopard and foolishly upgraded to Yosemite. Now have numerous problems.  Is it possible to go back in time with Time Machine and reinstall Snow Leopard?  Then upgrade to Lion or Mavericks?  Any other ideas on how I can exit Yosemite?

    Once you get yourself back to Snow Leopard, if you still want to upgrade somewhat, I would suggest the following:
    1. Get an external hard drive that you can use for experiments with new OS versions. You could partition it into 2 or 3 partitions. You could then clone your existing Snow Leopard system to one partition using Carbon Copy Cloner (well worth $40) or SuperDuper ($25).
    2. Buy OS X Mountain Lion for $20, through the Apple online store (I don't think it's available through the App Store). Apple has decided to make it very difficult for anyone to get Mavericks unless they have already downloaded it.
    You will receive two e-mails from Apple, one containing a PDF with a redemption code, and one with the password you will need to unlock the PDF. Using the code, you will download Mountain Lion from the App Store, where it will appear among your Purchased items.
    After ML finishes downloading, its installer app will launch itself. When you see this launch screen, QUIT the install app immediately! Go to your applications folder, find the Install OS X Mountain Lion app, and copy it to a safe location outside of your Applications folder. Keeping one or more copies will allow you to reinstall without unnecessary aggravation if you later need or want to do that. At this point, you can re-launch the Installer in the Applications folder and let it run. You can install it on a clean partition on your external HD, or you can allow it to upgrade the Snow Leopard clone you created on your external drive, or you can do both. This should allow you to test how everything works for as long as you like.
    3. If you left yourself a free partition on your test drive, try a clean install of Yosemite and set everything up from scratch (do not migrate anything). This will allow you to see whether your problems with it were related to something in your Snow Leopard system.

  • Is it possible to remove my hard drive from the Macbook and install it in a new Macbook Pro?

    I currently have a 2009 Macbook and am wanting to upgrade to a new Macbook Pro.  I have upgraded my hard drive in the macbook to a 500gb and have a duel boot with Windows 7 installed with Boot Camp along with other software that I do not want to lose.  Is it possible to remove my hard drive from the Macbook and install it in a new Macbook Pro?

    A much better solution is to hook your two Mac together and the first time you start the new Mac and it asks if you wish to recover data from another Mac, answer yes. This will invoke Setup Assitant which will do the job for you but intelligently.
    I know because I just used Setup Assitant. It worked like  a charm.
    Allan

  • Is it possible to reinstall Mac OS X Lion on MacBook and then use Time Machine to restore to the previous backup I made before reinstalling Mac OS X Lion?

    Is it possible to reinstall Mac OS X Lion on MacBook and then use Time Machine to restore to the previous backup I made before reinstalling Mac OS X Lion?

    My MacBook was not normally booting up. It would turn on, make the Apple startup noise, and the bottom loading bar would progress just a little bit, then my MacBook would shut down. I tried rebooting it many times and the same thing would happen, it would just shut down. Then, I read that I can reset the PRAM (by holding Option+Command+P+R after the Apple startup noise comes). That worked, but now I get a screen that asks me to choose one of the 4 options (see:  http://images.macworld.com/images/article/2012/07/lionrecoveryutilities-289404.j pg). I choose Restore From Time Machine Backup, but it progresses to 17.6% and gets stuck there forever. I tried doing it again, and it got stuck at 17.6% again. That is why I am asking if I should just reinstall Lion, then restore a previous backup on the fresh new Lion?

  • Is it possible to export contacts  from Outlook 2011 for Mac and importing this file back into Mac Address Book.? please reply me its urgent

    Is it possible to export contacts  from Outlook 2011 for Mac and importing this file back into Mac Address Book.? please reply me its urgent

    Is it possible to export contacts  from Outlook 2011 for Mac and importing this file back into Mac Address Book.? please reply me its urgent

  • I have a seal pack ipad mini 1 wifi and i want to upgrade to ipad mini 2 retinal display wifi is this possible , that apple take my ipad 1 wifi back and give to me new ipad retinal display wifi ,

    i have a seal pack ipad mini 1 wifi and i want to upgrade to ipad mini 2 retinal display wifi is this possible , that apple take my ipad 1 wifi back and give to me new ipad retinal display wifi , i live in india, bhopal city

    Your only option is to sell the iPad and then buy the new one.
     Cheers, Tom

Maybe you are looking for

  • Time capsule wifi working for Apple TV, but not my other 3 devices.

    I recently moved. At my previous address, I had my Time Capsule creating a wifi network that all my devices connected to without a problem. Now, only my Apple TV connects.  My MacBook Pro, iPhone, and iPad do not connect.  They can see the network, b

  • Error while Executing Unix Shell Commands Using Runtime clas

    I am trying to run the following code in java on unix machine to execute cat command. Runtime runtime = Runtime.getRuntime();           try {                System.out.println("before catexecute");                Process process = runtime.exec("cat /

  • How to use Search Folders in Outlook for shared mailboxes

    Hello We use Otlook 2010/2013 with MS Exchange 2010. In outlook there is "Serarch folder" with subfolders Large e-mail, Unreaded mails.... User can create own subfolders with rules. Users have attahet to outlook shared mailboxex for example Import, E

  • Compulsory quantity in text position of BOM

    Hi gurus, when I create a production order (CO01) and I add a text position in BOM (type T) the system requires an obligatory quantity. It's not logical  that a text position requires a quantity. Is it possible to make the text position not obligator

  • FTP program not showing Airport Disk folders or files

    I have just recently changed my wireless router to an Airport Extreme (gigabit) from a Netgear WNR854T (that was having up-time issues). I have an old PC that I use for an FTP server control with the Serv-U package. When I had the WNR854T running I j