SSL-VPN and NAT?

Unanswered Question
Mar 6th, 2009

Hi,

is it possible to use SSL-VPN (anyconnect) on a Cisco2811 (client -> router) and then using NAT to translate the IP of the client for connecting to the network behind the router?

The problem I see is there is no interface to use "ip nat inside" on the router.

Can you help me?

Thx

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
auraza Fri, 03/06/2009 - 07:02

I am not sure I understand your question. What exactly are you trying to do?

You can use AnyConnect on a 2811 as long as you are running 12.4(15)T1 advipservices or higher.

mig Sat, 03/07/2009 - 12:13

The SSL-VPN connection works fine but I want to NAT (PAT) the IP-address of the VPN-client to the network behind the router, there is a dial-up connection (ISDN) to the customer. Do you understand me?

HEATH FREEL Fri, 03/06/2009 - 11:15

Since you can assign the SSL client an IP address from a pool in the router you should not require NAT. The Pool subnet you assign to the client can be in any subnet you want - even the local LAN subnet.

So, to answer your question I don't beleive there is a way to NAt the client IP, but since you can control the IP assigned to the client, there should be no need to run NAT.

mig Sat, 03/07/2009 - 12:21

This is correct, I can assign each IP to the client. But i want to PAT (dynamic NAT) the clients IP to the customer with an official IP.

pedrulesall Tue, 03/24/2009 - 13:35

There is a document in the Cisco support site that explains this. I would post the link, but Since you have access to this forum, then it is a matter of using the search tool on the webpage.

In a nut shell, just add the IP ranges you want natted to the PAT scope, and voila. There is also an alternate way involving either route-maps or the webvpn config itself. However its easier for you.

mig Mon, 03/30/2009 - 01:33

Thank you for your hint.

Can you help me again with posting the link to this document?

Thx

Actions

This Discussion