Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
427
Views
0
Helpful
2
Replies

NAT routing for VPN client

marketgraph
Level 1
Level 1

‎02-09-2007 05:28 AM - edited ‎02-21-2020 01:24 AM

Hi,

I have a Cisco 2801 router connected to the Internet running EasyVPN server and some site-to-site connections.

Some of the clients from the EasyVPN server need to be able to 'use' the IP from the 2801 to access other servers in the public internet. So I'm trying to setup NAT routing but I cannot get it to work.

On the EasyVPN server tunneling is disabled (for now) and the address pool assigned to the clients has been added to the permit pool of the NAT routing.

But I think that my problem is that requests from a VPN client come from interface FastEthernet0/0 and that is the public interface on which they are leaving again as well. And to my knowledge I cannot set an interface to "inside" and "outside" in the NAT settings.

Please help.

0 Helpful
2 Replies 2

sbilgi
Level 5
Level 5

‎02-15-2007 06:33 AM

The following link gives the configuration example of Configuring PIX to PIX Dynamic-to-Static IPSec with NAT and Cisco VPN Client.

http://cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a0080094680.shtml

0 Helpful

marketgraph
Level 1
Level 1
In response to sbilgi

‎02-15-2007 09:24 AM

Sorry but it didn't help. This is a situation where you want to NAT traffic on each router itself. What I need to accomplish is have two networks, A and B. Both connected to the public internet but all traffic to the public internet coming from network B should be first routed using an IPsec tunnel to network A, and on network A NAT routing should take place to route the traffic to the outside world.

Thing is that from the Cisco IOS side, the incoming VPN traffic is on the same interface, FastEthernet 0/0 as the public network, such that it seems like it is not applying any NAT rules to it.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card