Pass Unencrypted traffic through Concentrator

Unanswered Question
Feb 4th, 2007

Hi Guys,

I have a site to site connection between two concentrators, but the remote branch is taking its internet connection from the Head office Internet. We want it to go to the internet through its own DSL through the concentrator. the gateway of the users is the concentrator and we need to permit traffic to go without encryption thru the concentrator at the remote branch unless it goes to the internal servers at the Head office...

Regards,

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
fmeetz Fri, 02/09/2007 - 06:32

The VPN 3000 Concentrator required that the third Aggressive mode packet be encrypted. In versions prior to 3.6.Rel, this was not required. The VPN 3000 Concentrator now accepts the third Aggressive mode packet, either encrypted or unencrypted.

kaachary Sun, 02/18/2007 - 06:33

Hi,

You have configure Interface NAt rule for that. So that all the traffic meant for Internet would do out being patted to the Conc Public Intf ip address.

To configure a NAT rule :

http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/4_7/config/polmgt.htm#wp1321478

Since, the vpn traffic is automatically exempted from NAt, so it would be effective only for unencrypted traffic.

HTH,

-Kanishka

Actions

This Discussion