×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Complex NAT question Cisco 3825 and DS-3

Unanswered Question
Mar 29th, 2007
User Badges:

I have what to me is a complex NAT question.


I have a Cisco 3825 with a DS-3 and two GigE connections. I have one GigE set to my internal LAN and the other to my DMZ.


I have a /25 set of public IP's.


My provider does not route the IP given to the serial interface.


Here is the real question, can I NAT the serial interface with one of my public IP's and still be able to use static NAT's for specific addresses on my two GigE interfaces?


The reason I want to do this is that I can use the 3825's VPN capability. Currently I have it setup so that I use a NAT pool on the LAN side and static NAT's on the DMZ. Everything is working great except for the fact that I can't use the 3825 for a VPN server due to the fact that I can't get to the Serial IP from the outside.


Hopefully that makes sense, if not, I would be happy to provide more info and explanation.


Thanks,


Adam

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
paolo bevilacqua Thu, 03/29/2007 - 08:47
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Hi,


is not too complex. Disregard the serial interface address. Any of the public address on the router will work to terminate IPSec, as long no static NAT is using these address/ports. But it appears that you have none at the moment, your public addresses are only used for NAT pooling.


So, configure a free adresss as loopback interface in the router with mask /32.


Hope this helps, please rate all useful posts!


Actions

This Discussion