11-20-2009 12:49 PM - edited 02-21-2020 04:23 PM
Is it possible to use the same tunnel endpoint IP address as a static NAT address?
LAN1--->Router>>>STATIC NAT>>>>IPSEC<<<Internet>>> Reverse Process
11-20-2009 02:59 PM
Is it possible to use the same tunnel endpoint IP address as a static NAT address?
LAN1--->Router>>>STATIC NAT>>>>IPSEC<<<Internet>>> Reverse Process
Not sure what you are asking here?
The tunnel end point needs to be assigned to an interface such as the outside interface. You can indeed also use this address to NAT internal clients.
Jon
11-20-2009 04:42 PM
Hi,
host 10.10.10.1 router 1.1.1.1 [[[ Internet + IPSec ]]]]
My understanding is that you are asking whether you can NAT the internal host 10.10.10.1 to the router's public IP address 1.1.1.1, where 1.1.1.1 is the tunnel endpoint for IPsec. Please correct me if I am wrong.
If that is what you are asking, then here is your answer:
"It would be like static NAT for the interface to an inside address, so anything coming at the interface will get translated, including UDP 500. Hence IPsec will fail."
So instead of using the router's public IP address, use any free available IP address if you have one.
Hope this answers your questions
Regards
M
11-21-2009 11:08 AM
Hi,
As long as you map only the required ports (TCP or UDP) for the application, the ports for IPsec don't get forwarded and you get to create a VPN tunnel to the interface.
See the example below, mapping port 25 to inside IP 192.168.1.20.
static (inside,outside) tcp interface 25 192.168.1.20 25 netmask 255.255.255.255
Regards
Durga Prasad
Rate if this helps
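The distinction drawn in the last two replies can be checked mechanically over a saved configuration. The script below is an added example, not something posted in the thread: it assumes the pre-8.3 PIX/ASA `static` syntax used in the last post and that the tunnel terminates on the mapped interface. The sample lines are constructed (1.1.1.2 stands in for a free address), and it also flags UDP 4500 (IPsec NAT-T) in addition to the UDP 500 named in the thread.

```python
import re

# Ports the tunnel endpoint itself must keep receiving: IKE (UDP 500, named in
# the thread) and IPsec NAT-T (UDP 4500, added here as a generalization).
IPSEC_UDP_PORTS = {500, 4500}
PORT_NAMES = {"isakmp": 500, "smtp": 25}  # partial name map, enough for the samples

STATIC_RE = re.compile(
    r"^static\s+\((?P<real_if>\S+?),(?P<mapped_if>\S+?)\)\s+"
    r"(?:(?P<proto>tcp|udp)\s+)?(?P<mapped>\S+)\s+(?P<rest>.+)$"
)

# Constructed sample configuration using the addresses from the thread.
SAMPLE = """\
static (inside,outside) interface 10.10.10.1 netmask 255.255.255.255
static (inside,outside) tcp interface 25 192.168.1.20 25 netmask 255.255.255.255
static (inside,outside) udp 1.1.1.1 500 10.10.10.1 500 netmask 255.255.255.255
static (inside,outside) 1.1.1.2 10.10.10.1 netmask 255.255.255.255
"""

def audit_static(line, tunnel_ip):
    """Return (verdict, reason) for one config line; tunnel_ip is the IPsec endpoint."""
    m = STATIC_RE.match(line.strip())
    if not m:
        return ("skip", "not a static translation")
    if m["mapped"] not in ("interface", tunnel_ip):
        return ("ok", "mapped address is not the tunnel endpoint")
    if m["proto"] is None:
        return ("conflict", "whole address translated, so IKE/ESP go to the inside host")
    token = m["rest"].split()[0]  # mapped port follows the mapped address
    if token not in PORT_NAMES and not token.isdigit():
        return ("review", f"unrecognised port name {token!r}")
    port = PORT_NAMES[token] if token in PORT_NAMES else int(token)
    if m["proto"] == "udp" and port in IPSEC_UDP_PORTS:
        return ("conflict", f"udp/{port} is forwarded inside instead of reaching IPsec")
    return ("ok", f"only {m['proto']}/{port} is forwarded")

def audit_config(text, tunnel_ip):
    """Audit every static line in a config; returns [(line, verdict, reason), ...]."""
    results = [(l, *audit_static(l, tunnel_ip)) for l in text.splitlines()]
    return [r for r in results if r[1] != "skip"]

if __name__ == "__main__":
    for line, verdict, reason in audit_config(SAMPLE, "1.1.1.1"):
        print(f"{verdict:8} {reason}\n         {line}")
```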