03-06-2009 04:09 AM
Hi,
is it possible to use SSL-VPN (anyconnect) on a Cisco2811 (client -> router) and then using NAT to translate the IP of the client for connecting to the network behind the router?
The problem I see is there is no interface to use "ip nat inside" on the router.
Can you help me?
Thx
03-06-2009 07:02 AM
I am not sure I understand your question. What exactly are you trying to do?
You can use AnyConnect on a 2811 as long as you are running 12.4(15)T1 advipservices or higher.
03-07-2009 12:13 PM
The SSL-VPN connection works fine but I want to NAT (PAT) the IP-address of the VPN-client to the network behind the router, there is a dial-up connection (ISDN) to the customer. Do you understand me?
03-06-2009 11:15 AM
Since you can assign the SSL client an IP address from a pool in the router you should not require NAT. The Pool subnet you assign to the client can be in any subnet you want - even the local LAN subnet.
So, to answer your question I don't beleive there is a way to NAt the client IP, but since you can control the IP assigned to the client, there should be no need to run NAT.
03-07-2009 12:21 PM
This is correct, I can assign each IP to the client. But i want to PAT (dynamic NAT) the clients IP to the customer with an official IP.
03-24-2009 01:35 PM
There is a document in the Cisco support site that explains this. I would post the link, but Since you have access to this forum, then it is a matter of using the search tool on the webpage.
In a nut shell, just add the IP ranges you want natted to the PAT scope, and voila. There is also an alternate way involving either route-maps or the webvpn config itself. However its easier for you.
03-30-2009 01:33 AM
Thank you for your hint.
Can you help me again with posting the link to this document?
Thx
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide