NAT from VPN Client to a Site-to-Site IPSec VPN

Feb 8th, 2010

I used to have VPDN clients (using PPTP) which I want to migrate to IPSec VPN clients using the Cisco VPN Client. Traffic from these users was being translated (NAT) when going out to a site-to-site VPN. This was possible by setting the VPDN virtual-template interface to 'ip nat inside'.


There is no virtual-template for IPSec VPN clients.  How can I get traffic coming from these IPSec VPN Clients to be translated?


Any ideas appreciated.

dvella Thu, 03/18/2010 - 14:26

Hi All,


Just to let you know that after opening a TAC case, I managed to resolve this particular problem.


The way to handle these VPN Client connections is to create a loopback interface and set this interface to be "ip nat inside".  Then you need to set up a route-map so that all traffic coming from the VPN Client is sent to the Loopback interface.


In this way, traffic from the VPN Clients is translated as it is going from the 'inside' loopback interface to the 'outside' interface going to the Site-To-Site IPSec VPN. The link below gives some guidance ... although it is not an identical scenario.



http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a008073b06b.shtml


Cheers,

Denis
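
One way the setup described in the reply above could look on an IOS router, as an added example that is not from the original post or the TAC case. All interface names, addresses, ACL numbers, and the route-map, pool and crypto map names are assumptions, and the crypto map `VPNMAP` is assumed to exist already with its site-to-site entry using `match address 160`.

```cisco
! Constructed example: every name, address and ACL number is an assumption.
! VPN client pool: 192.168.100.0/24   Remote site: 10.20.0.0/16
! Translated source: 172.16.50.1      Outside interface: FastEthernet0/0
!
! Loopback acts as the NAT "inside" interface for VPN client traffic
interface Loopback0
 ip address 10.255.255.1 255.255.255.252
 ip nat inside
!
! Interface where the VPN clients and the site-to-site tunnel terminate
interface FastEthernet0/0
 ip nat outside
 ip policy route-map VPNCLIENT-NAT
 crypto map VPNMAP
!
! Decrypted VPN client traffic bound for the remote site
access-list 150 permit ip 192.168.100.0 0.0.0.255 10.20.0.0 0.0.255.255
!
! Policy-route that traffic to the loopback subnet so it is treated
! as arriving from a NAT inside interface
route-map VPNCLIENT-NAT permit 10
 match ip address 150
 set ip next-hop 10.255.255.2
!
! Translate on the way from inside (Loopback0) to outside (FastEthernet0/0)
ip nat pool VPNCLIENT-POOL 172.16.50.1 172.16.50.1 netmask 255.255.255.252
ip nat inside source list 150 pool VPNCLIENT-POOL overload
!
! The site-to-site crypto ACL must match the translated source,
! because NAT is applied before the crypto map check on egress
access-list 160 permit ip host 172.16.50.1 10.20.0.0 0.0.255.255
```

`show route-map` shows whether the policy-routing entry is matching packets, and `show ip nat translations` shows whether VPN client sources are being translated before they enter the site-to-site tunnel.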
