SSL-VPN and NAT?

mig · ‎03-06-2009

Hi,

is it possible to use SSL-VPN (anyconnect) on a Cisco2811 (client -> router) and then using NAT to translate the IP of the client for connecting to the network behind the router?

The problem I see is there is no interface to use "ip nat inside" on the router.

Can you help me?

Thx

auraza · ‎03-06-2009

I am not sure I understand your question. What exactly are you trying to do?

You can use AnyConnect on a 2811 as long as you are running 12.4(15)T1 advipservices or higher.

mig · ‎03-07-2009

The SSL-VPN connection works fine but I want to NAT (PAT) the IP-address of the VPN-client to the network behind the router, there is a dial-up connection (ISDN) to the customer. Do you understand me?

HEATH FREEL · ‎03-06-2009

Since you can assign the SSL client an IP address from a pool in the router you should not require NAT. The Pool subnet you assign to the client can be in any subnet you want - even the local LAN subnet.

So, to answer your question I don't beleive there is a way to NAt the client IP, but since you can control the IP assigned to the client, there should be no need to run NAT.

mig · ‎03-07-2009

This is correct, I can assign each IP to the client. But i want to PAT (dynamic NAT) the clients IP to the customer with an official IP.

pedrulesall · ‎03-24-2009

There is a document in the Cisco support site that explains this. I would post the link, but Since you have access to this forum, then it is a matter of using the search tool on the webpage.

In a nut shell, just add the IP ranges you want natted to the PAT scope, and voila. There is also an alternate way involving either route-maps or the webvpn config itself. However its easier for you.

mig · ‎03-30-2009

Thank you for your hint.

Can you help me again with posting the link to this document?

Thx