NAT and ezVPN on the same IP/Interface

Unanswered Question
Apr 28th, 2009

I'm trying to configure a Cisco 857 ADSL router to do both NAT for internal clients and serve as a VPN concentrator for clients on the public internet.

I can get it to do either but not both.

I have tried to exclude UDP connections to port 500 from the NAT rules but it seems I don't have sufficient knowledge of Cisco to achieve this.

I have a dialer1 interface which shows OUTSIDE_IP2 as its assigned IP address when issuing a show interface dialer1.

I then have the following NAT rules:

ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload
ip nat inside source static INSIDE_IP1 OUTSIDE_IP1
ip nat inside source static INSIDE_IP2 OUTSIDE_IP2
ip nat inside source static INSIDE_IP3 OUTSIDE_IP3
ip nat inside source static INSIDE_IP4 OUTSIDE_IP4

SDM_RMAP_1 is defined as:

route-map SDM_RMAP_1 permit 1
 match ip address 100

while access-list 100 is:

access-list 100 remark SDM_ACL Category=2
access-list 100 deny ip any VPN_IP_BASE
access-list 100 permit ip any any

Any help on how to rewrite these NAT rules so they do exactly what they do now but allow a VPN to either OUTSIDE_IPx address (I think I can only use the one assigned to dialer1?) would be greatly appreciated.

Thanks a lot.
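
An added example, not part of the original post and not Cisco tooling: a small Python check that scans the NAT rules quoted above for static mappings that translate IPsec control traffic arriving on the address where the router should terminate the VPN. It assumes the VPN terminates on the Dialer1 address (OUTSIDE_IP2 in the post) and that a full one-to-one static mapping on that address is what takes IKE away from the router; the function name and the sample text are constructed here.

```python
import re

# Constructed sample: the NAT rules quoted in the post, placeholders kept as-is.
SAMPLE_CONFIG = """\
ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload
ip nat inside source static INSIDE_IP1 OUTSIDE_IP1
ip nat inside source static INSIDE_IP2 OUTSIDE_IP2
ip nat inside source static INSIDE_IP3 OUTSIDE_IP3
ip nat inside source static INSIDE_IP4 OUTSIDE_IP4
"""

# UDP ports IPsec needs on the terminating address: IKE and NAT traversal.
VPN_UDP_PORTS = {500: "IKE", 4500: "NAT-T"}

# Matches either a port-specific static rule (tcp/udp local lport global gport)
# or a full address-to-address static rule (local global).
STATIC_RE = re.compile(
    r"^ip nat inside source static\s+"
    r"(?:(?P<proto>tcp|udp)\s+(?P<local>\S+)\s+(?P<lport>\d+)\s+"
    r"(?P<glob>\S+)\s+(?P<gport>\d+)"
    r"|(?P<local_all>\S+)\s+(?P<glob_all>\S+))"
)


def vpn_conflicts(config, vpn_addr):
    """Return (rule, services) for each static NAT rule that would translate
    IPsec traffic sent to vpn_addr to an inside host instead of the router."""
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        m = STATIC_RE.match(line)
        if not m:
            continue  # dynamic/overload rules and non-NAT lines are ignored
        if m["glob_all"] == vpn_addr:
            # Full one-to-one mapping: every protocol and port is translated,
            # including UDP 500/4500 and ESP (IP protocol 50).
            findings.append((line, ["IKE", "NAT-T", "ESP"]))
        elif m["glob"] == vpn_addr and m["proto"] == "udp":
            service = VPN_UDP_PORTS.get(int(m["gport"]))
            if service:
                findings.append((line, [service]))
    return findings


if __name__ == "__main__":
    for rule, services in vpn_conflicts(SAMPLE_CONFIG, "OUTSIDE_IP2"):
        print(f"{rule}  -> captures {', '.join(services)}")
```

Rules written with the `interface` keyword in place of a global address are not parsed by this check.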

