Complex NAT question Cisco 3825 and DS-3

Unanswered Question
Mar 29th, 2007

I have what to me is a complex NAT question.

I have a Cisco 3825 with a DS-3 and two GigE connections. I have one GigE set to my internal LAN and the other to my DMZ.

I have a /25 set of public IP's.

My provider does not route the IP given to the serial interface.

Here is the real question, can I NAT the serial interface with one of my public IP's and still be able to use static NAT's for specific addresses on my two GigE interfaces?

The reason I want to do this is that I can use the 3825's VPN capability. Currently I have it setup so that I use a NAT pool on the LAN side and static NAT's on the DMZ. Everything is working great except for the fact that I can't use the 3825 for a VPN server due to the fact that I can't get to the Serial IP from the outside.

Hopefully that makes sense, if not, I would be happy to provide more info and explanation.

Thanks,

Adam

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Paolo Bevilacqua Thu, 03/29/2007 - 08:47

Hi,

is not too complex. Disregard the serial interface address. Any of the public address on the router will work to terminate IPSec, as long no static NAT is using these address/ports. But it appears that you have none at the moment, your public addresses are only used for NAT pooling.

So, configure a free adresss as loopback interface in the router with mask /32.

Hope this helps, please rate all useful posts!

Actions

This Discussion