nat on a VPN tunnel and Cisco Client

Unanswered Question
Apr 2nd, 2009

Hi, all , heres is the issue and i cand find the solution.

Well i have the tipic scenario o f a vpn, first were trying to make a VPN tunnel from a central site, to another point in colombia, we are using a Cisco 1801 (MPC8500) processor (revision 0x400) with 236544K/25600K bytes of memory. & Cisco IOS Software, C180X Software (C180X-ADVIPSERVICESK9-M), Version 12.4(15)T7.

an the other side of the vpn tunnel is a Checkpoint, i ignore other details about that equipment, and they ask to us that we send our traffic with an ip source of our Public IP, so, no problem in our acl we cipher trafic with our public ip addres,going to the private addressing, and we send it in the ipsec tunnel, so no big deal, we are using PAT, with a Fa0 (inside 10.200.150.0/24) to a Di1(ADSL, outside Static Address), so no problem here, but then they ask to us to configure a VPN client for cisco, so we do the dynamic map, and so on, it work, clients want to access to Site LAN (vpn ip pool is 10.200.151.1 - 25 ) and it works too, but then they want to get the traffic going from a vpnClient going to another point in the l2l tunnel, to colombia, but, we must NAT that trafic, in order to reach the other point but if the traffic is entering the router, in an outside interface, how can we NAT that traffic to go out the tunnel to colombia. ive been reading like 2 weeks in cisco sites, forums, experts exchange and so on, and i havent found an answer yet, i've found DMVPN, and our case is like a HUB enviroment,but all the examples are using Private addressing, and none nats on a VPN tunnel, and i cant found a solution, any help will be appreciated

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
axyalms08 Wed, 04/15/2009 - 07:27

thx for the reply, but i wasnt clear enough, my problem is that i want to nat on l2l tunnel, and communicate a remote access vpn to the l2l tunnel, but the problem its that its useless to do 'ip nat inside..' since traffic comes from the outside interface and came out in the same interface, can a cisco router do that? the router its like a HUB in DMVPN, but the problem is that the other l2l point its a checkpoint equipment wich i cant touch, so i must do all in the router, and idk if this is posible, my case looks similar to this http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Virtual%20Private%20Networks&topic=Security&topicID=.ee6b2b8&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cd26dad

Ty in advance

dvella Mon, 02/08/2010 - 15:38

Sorry to bother you, but I'm finding a similar problem (I've just posted another question).

Did you manage to resolve this?  Thanks.

axyalms08 Mon, 02/08/2010 - 16:39

No, sry, i could'nt solve it, seems like routers can do that , but firewalls can.

If u got this can u let me know?

Ty in advance.

Actions

This Discussion