vpn with nat query

Unanswered Question
Aug 31st, 2010

Hi,


Given the following setup: Router A connected to router B with VPN enabled between both routers for all traffic.  The vpn endpoint on router B is int f0/0.  Now let's say i wish to enable nat for all IP traffic coming from int f0/0 of router B so that it will be natted when it goes out its int f1/0, is this option feasible? Is it possible to enable both vpn and nat on the same int, in this case f0/0?  I am thinking that this may not work since the nat process on int f0/0 will not see any traffic since it is encrypted when it enters the int.  A solution i am thinking would be to create a tunnel interface on both routers A and B and configure "ip nat inside" on the tunnel interface of router B.


Would really appreciate your expert thoughts on this.


Thank in advance.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
marcusbrutus Tue, 08/31/2010 - 18:56

Am thinking that maybe i should just configure the vpn for transport mode to avoid the added load of setting up a gre tunnel.


Would appreciate anyone's expert opinion on this.


Thanks.

Lei Tian Wed, 09/01/2010 - 03:51

Hi,


It is ok to have crypto-map and nat on same interface. The router will decrypt first and then nat.


HTH,

Lei Tian

Actions

This Discussion