I have clients connecting to a router (878) using the VPN Client; they can access what they need internally.
A new requirement has come up: there is an externally hosted server that has IP restrictions so that only a range of internal addresses can access it.
The question is: when the VPN client is connected and it picks up an internal address, how can I allow access from inside out to this one host? I had thought of split tunneling, but the connection needs to come from the internal LAN, and in this case that does not seem like it will work. There is only one Internet connection; there are no proxies internally I could use.
Will this work? If so, what is the best way of accomplishing this?
I will need to search my docs, but I am pretty sure I have an example... In any case, here is some more info.
Do split tunneling and include this traffic from the pool to the server in that.
Next, on your outside I will do source-based routing, directing all traffic from the pool IP to the public server IP to the loopback using the set interface command.
And then classify this loopback as internal by making it ip nat inside, so that anything going out from this interface will be NATed/PATed to your interface IP, and now your server will recognise it.
Hope this helps.
ip access-list extended split
 permit ip <internal-lan> <wildcard> any
 permit ip host <server-ip> any
ip access-list extended vpn
 permit ip <vpn-pool> <wildcard> host <server-ip>
route-map pbr permit 10
 match ip address vpn
 set interface Loopback0
interface Loopback0
 ip nat inside
Include the traffic from the pool IP to the server in the NAT ACLs.
If this is difficult, please paste your config and I will try to put it accordingly.
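As an added example (not the asker's or the answerer's own config), here is a complete IOS fragment putting the steps above together: split tunnel, policy routing from the pool to the server into a loopback, and NAT of that traffic out the Internet interface. The addresses (192.0.2.0/24 pool, 10.0.0.0/24 LAN, 203.0.113.10 server), the group name, the pre-shared key and Dialer0 as the outside interface are all assumptions.

```cisco
! Assumed values: 192.0.2.0/24 VPN pool, 10.0.0.0/24 internal LAN,
! 203.0.113.10 external server, Dialer0 the Internet-facing interface.
ip local pool VPNPOOL 192.0.2.1 192.0.2.50
!
crypto isakmp client configuration group VPNGROUP
 key <pre-shared-key>
 pool VPNPOOL
 acl split
!
! Split-tunnel list: the internal LAN plus the one external host go through the tunnel
ip access-list extended split
 permit ip 10.0.0.0 0.0.0.255 any
 permit ip host 203.0.113.10 any
!
! Source-based selection: only pool traffic destined for the server is redirected
ip access-list extended vpn
 permit ip 192.0.2.0 0.0.0.255 host 203.0.113.10
!
route-map VPN-TO-SERVER permit 10
 match ip address vpn
 set interface Loopback0
!
! The loopback counts as "inside", so the redirected traffic is NATed on the way out
interface Loopback0
 ip address 10.255.255.1 255.255.255.255
 ip nat inside
!
interface Dialer0
 ip nat outside
 ip policy route-map VPN-TO-SERVER
!
! NAT list must include pool -> server so it is PATed to the Dialer0 address
ip access-list extended nat
 permit ip 10.0.0.0 0.0.0.255 any
 permit ip 192.0.2.0 0.0.0.255 host 203.0.113.10
ip nat inside source list nat interface Dialer0 overload
```

Check the result with "show ip nat translations" while a client connects to the server: the pool address should appear translated to the Dialer0 address.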