NATing in VPN Concentrator

Unanswered Question
Nov 2nd, 2007
User Badges:


Is it possible to do static NAT in VPN Concentrator.My setup is :

IPSec LAN-to-LAN tunnel has been setup between VPN Conc and customer firewall

Users in my LAN are able to initiate tunnel w/o any problem.When a user is connecting through VPN Client he is also able to sent traffic through tunnel.If i want that a user should have a virtual ip it should be nated in VPN conc and starts the tunnel means

User(VPN Client)->ping 172.16.xx.xx(This ip is no where in tunnel)->NAT-TO 203.200.xx.xx (IP allowed by customer) ->starts the tunnel

e.g in LAN users ping 203.200.xx.xx -> starts the tunnel

Thanks in advance


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
bwilmoth Wed, 11/07/2007 - 08:35
User Badges:
  • Silver, 250 points or more

it is very much possible to nat the outside interface of the concentrator to a global ip address. You just have to take care that you do a static nat and not pat because with PAT anybody from internet won't be able to reach your concentrator.

Just make the inside ip address of the firewall and outside ip address of the concentrator in same network and do static natting on firewall and it should take care of everything.

sharma_arpit Thu, 11/08/2007 - 02:13
User Badges:


Thanks for your reply

One thing is that my concentrator is outside thepix firewall means

LAN -> PIX->Concentrator

and I want to do NATing on Conc for VPN Client


This Discussion