Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
624
Views
0
Helpful
1
Replies

NAT from VPN Client to a Site-toSite IPSec VPN

dvella
Level 1
Level 1

‎02-08-2010 03:08 PM - edited ‎02-21-2020 04:29 PM

I used to have VPDN clients (Using PPTP) which I want to migrate to IPSec VPN Clients using the Cisco VPN Client.  Traffic from these users was being translated (NAT) when going out to a site-to-site VPN.  This was possibile by setting the VPDN virtual-template interface to 'ip nat inside'.

There is no virtual-template for IPSec VPN clients.  How can I get traffic coming from these IPSec VPN Clients to be translated?

Any ideas appreciated.

Labels:
0 Helpful
1 Reply 1

dvella
Level 1
Level 1

‎03-18-2010 02:26 PM

Hi All,

Just to let you know that after opening a TAC case, I managed to resolve this particular problem.

The way to handle these VPN Client connections is to create a loopback interface and set this interface to be "ip nat inside".  Then you need to set up a route-map so that all traffic coming from the VPN Client is sent to the Loopback interface.

In this way, traffic from the VPN Clients is translated as it is going from the 'inside' loopback interface to the 'outside'' interface going to the Site-To-Site IPSec VPN.  The link below gives some guidance ... although it is not an identical scenario

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a008073b06b.shtml

Cheers,

Denis

0 Helpful
Customers Also Viewed These Support Documents