I just configured our new 1802 as our internet firewall and Easy VPN Server, and everything works well. The only problem is that connected VPN clients cannot access the internet. It is a company policy that all traffic from the remote users should be encrypted and sent to the central side, so split tunneling isn't an option.
I added the SDM_Pool IPs of the remote workers to the NAT ACL, and for some reason the ACL is used by some packets that my "IBM Sametime" generates, and this traffic can be seen in ip nat translation. But the destination in these packets is a local IP network (172.16.17.x), so that should be a packet that is not NATed.
My question is: what happens to encrypted packets after they are decrypted in the Easy VPN Server (what are the destination and source IPs), and how can I configure the router to NAT the packets to the external IF's IP, because it isn't incoming traffic on the internal IF, which is configured as ip nat inside?
Thanks for any suggestions.
This should help...
Please rate helpful posts.