Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN behind NAT

I am in the situation where i can not have more than 1 public IP address in one of my branch offices, and the possible soution with available hardware is going to be look like this,

INTERNAL SWITCH(OFFICE LAN) 10.250.1.0/24

|

|

CISCO ASA 5510 (NAT/PAT/VPN)

|

|

CISCO 1841

|

|

-------INTERNET--------

|

|

Cisco 837(NAT)public IP address

|

|

Watchgaurd X15 (VPN/NAT)

WAN PORT: 192.168.0.254

INTERNAL: 10.250.2.254

|

|

INTERNAL SWITCH(Office LAN 10.250.2.0/24)

A SITE TO SITE VPN tunnel needs to be establish between CISCO ASA in HEADOFFICE and WATCHGAURD in BRANCHOFFICE, Can anyone have a look to see if this will work without any problems, primarily the branch office will run CITRIX sessions over the VPN.

5 REPLIES
New Member

Re: VPN behind NAT

INTERNAL SWITCH(OFFICE LAN) 10.250.1.0/24

|

|

CISCO ASA 5510 (NAT/PAT/VPN)

(Configure public ip on interface connected to 1841 router and do NAT over here)

|

|

CISCO 1841

(Configure another IP address on same segment on interface connected to ASA. Give defaut route to serial interface)

|

|

-------INTERNET--------

|

|

Cisco 837(NAT)public IP address

|

|

Watchgaurd X15 (VPN/NAT)

WAN PORT: 192.168.0.254

INTERNAL: 10.250.2.254

|

|

INTERNAL SWITCH(Office LAN 10.250.2.0/24)

If you do in the above way, I think it should work.

Please rate the posts if helpfull.

Regards,

Suresh Jain

New Member

Re: VPN behind NAT

Its exactly what i intend to do, I am only nervous about the cisco837/Watchgaurd Side of the network where NAT over NAT situation is.

Muhammad

New Member

Re: VPN behind NAT

Hi,

All we need todo is Configure Nat in the Firewall and Configure the Routers Serial Interface as unnumbered to Eth.

Totall atlease 2 Pub Add is needed.

Regards

Danny

New Member

Re: VPN behind NAT

any comments on running NAT over NAT in branch office side of network, i have no proglem in headoffice, have enough resources.

thanks

Muhammad

New Member

Re: VPN behind NAT

You can do NAT over NAT without any problem, but be carefull while configuring.

Rate the post if helpfull,

Regards,

Suresh Jain

282
Views
0
Helpful
5
Replies
CreatePlease login to create content