Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

NAT to loopback? (but not NAT on a stick)

I have a config that builds IPsec tunnel to a Head end from a 871 spoke. Customer now wants content filtering enabled. We want to route the filtering requests thru the IPsec tunnel back to the content filter server - this works so far. Problem is we do not have a GRE tunnel and can only use the Loppback interface as the Nat outside for this specific traffic. All remote sites have same Lan subnet. We can get the "allowed" response (routee is using websense wisp protocol and proxy's all requests) but cannot get the block pages because content filter does not have a route back to spokes Lan, only to its loopback. Sample of what I am doing is attached. Just can't get the block pages to show up on workstations behind spoke router.

Everyone's tags (2)
1186
Views
0
Helpful
0
Replies
CreatePlease to create content