Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Allowing incoming VPN clients to NAT to the Internet

Morning All,

Currently I have an 871 with advanced ip services using NAT at a remote site. The router has been successfully configured to accept remote access ipsec connections, and traffic is flowing correctly.

I would like to be able to have those connecting through vpn to also have access to the internet.

There is no requirement that users encrypt traffic bound for the internet, so I would prefer to keep traffic not destined for the private network to stay out in the open.

Is this something that can be accomplished using split tunnels or is there some magic that needs to be done on the remote router with NAT?

Thanks in Advance!

Steve

1 REPLY
New Member

Re: Allowing incoming VPN clients to NAT to the Internet

I think you can use split tunneling or use command same-security-traffic permit {intra-interface} to permit communication in and out of the same interface when traffic is IPSec-protected.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805734ae.shtml

99
Views
0
Helpful
1
Replies
CreatePlease login to create content