i have a 2821 hooked up to my isp and my lan. the isp interface is configured with a ip only routed inside the isp network. the inside ip is routed worldwide. now when i try to connect to a network outside the isp directly from the router the package get dropped at the isp border router.
can i tell the ios to use insides interface ip for source ip of outgoing connection? normaly you dont need that but i have a webvpn running on the box and no outside http servers are reachable because of that.
i want to initiate traffic from the router itself. not the networks behind the router, they are working well.
i know that i can choose the source address while using the ping command. but other traffic initiated by the router, in my case webvpn, should also have the inside ip as source addresse.
Basically it looks like this:
inet -> provider -[transfernet] -> my router -> my lan
My webvpn is running on inside interface, when a client connects from the internet and initiates a http connection to the internet my router uses the outside ip as source address. but the transfernetwork is only routed inside the provider backbone. so the packages get dropped at the edge. my lan networks are routed propper, also from the internet.
Think I understand. Your problem is webvpn not permitting Internet traffic to work correctly to the remote client (bouncing off your internal network). I'm unfamiliar with webvpn, but its solution might be allowance of split tunneling from the remote host. However, I can see reasons for doing what you want, such as additional security to/from the Internet.
Again, unfamiliar with webvpn. If I've stated the problem correctly, and no one else responds on this forum, you might try a post in the VPN forum.
Some other traffic types, from the router, can be told to have a specified source address.
A Client on the internet authenticates at webvpn running on 112.229. Requesting a website 188.8.131.52, the router gets the website from 184.108.40.206 over his outside interface 220.127.116.11 and delivers the page to the client on the internet. Some sort of proxy. The router is the client for the webserver, initiating the connection to the webserver, rewriting the http content and sends it to to the client.
the client ip has not to be modified, it is the routers ip address while getting the http content from the internet.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...