11-02-2007 09:09 AM - edited 02-21-2020 03:21 PM
Hi
Is it possible to do static NAT in VPN Concentrator.My setup is :
IPSec LAN-to-LAN tunnel has been setup between VPN Conc and customer firewall
Users in my LAN are able to initiate tunnel w/o any problem.When a user is connecting through VPN Client he is also able to sent traffic through tunnel.If i want that a user should have a virtual ip it should be nated in VPN conc and starts the tunnel means
User(VPN Client)->ping 172.16.xx.xx(This ip is no where in tunnel)->NAT-TO 203.200.xx.xx (IP allowed by customer) ->starts the tunnel
e.g in LAN users ping 203.200.xx.xx -> starts the tunnel
Thanks in advance
Amit
11-07-2007 08:35 AM
it is very much possible to nat the outside interface of the concentrator to a global ip address. You just have to take care that you do a static nat and not pat because with PAT anybody from internet won't be able to reach your concentrator.
Just make the inside ip address of the firewall and outside ip address of the concentrator in same network and do static natting on firewall and it should take care of everything.
11-08-2007 02:13 AM
Hi
Thanks for your reply
One thing is that my concentrator is outside thepix firewall means
LAN -> PIX->Concentrator
and I want to do NATing on Conc for VPN Client
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide