Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
338
Views
0
Helpful
2
Replies

NATing in VPN Concentrator

sharma_arpit
Level 1
Level 1

‎11-02-2007 09:09 AM - edited ‎02-21-2020 03:21 PM

Hi

Is it possible to do static NAT in VPN Concentrator.My setup is :

IPSec LAN-to-LAN tunnel has been setup between VPN Conc and customer firewall

Users in my LAN are able to initiate tunnel w/o any problem.When a user is connecting through VPN Client he is also able to sent traffic through tunnel.If i want that a user should have a virtual ip it should be nated in VPN conc and starts the tunnel means

User(VPN Client)->ping 172.16.xx.xx(This ip is no where in tunnel)->NAT-TO 203.200.xx.xx (IP allowed by customer) ->starts the tunnel

e.g in LAN users ping 203.200.xx.xx -> starts the tunnel

Thanks in advance

Amit

Labels:
0 Helpful
2 Replies 2

bwilmoth
Level 5
Level 5

‎11-07-2007 08:35 AM

it is very much possible to nat the outside interface of the concentrator to a global ip address. You just have to take care that you do a static nat and not pat because with PAT anybody from internet won't be able to reach your concentrator.

Just make the inside ip address of the firewall and outside ip address of the concentrator in same network and do static natting on firewall and it should take care of everything.

0 Helpful

sharma_arpit
Level 1
Level 1
In response to bwilmoth

‎11-08-2007 02:13 AM

Hi

Thanks for your reply

One thing is that my concentrator is outside thepix firewall means

LAN -> PIX->Concentrator

and I want to do NATing on Conc for VPN Client

0 Helpful
Customers Also Viewed These Support Documents