
Policy based NAT on VPN

winpwnkmr
Level 1

Hi,

I have a query on Policy NAT for VPN:

I am hide NATting a few servers against one public IP and have configured the tunnel with that IP as our encryption domain IP. As the servers are hide NATted against the IP, no traffic is allowed from outside.

Now I have another requirement: some of the clients want access to the same servers over the VPN from their end. So first of all, is it possible? Can it be achieved through Policy NAT? If yes, any such example would be a great help.

Thanks,

Pawan

3 Replies

Jennifer Halim
Cisco Employee

Unfortunately, policy NAT only works in the one direction since it's dynamically NATing multiple servers to 1 public IP address; the reverse direction is not supported.

For client access to servers, you would need to configure 1:1 static NAT, or 1:1 static port address redirection.

Hope that answers your question.

So that means the same servers can be hide NAT for some clients as well as static NAT for some of the clients through Policy NAT over the VPN. Please suggest.

Thanks,

Pawan

No, you would need to change your policy NAT to static NAT. You can't configure both at the same time.
