i have configured a vpn between a router 1760 with adsl interface (ezvpn client) and a cisco concentrator 3005. the concentrator has got a static ip, the router has dynamic ip´s. now i have to translate the local ip´s at the end of the router. but when i configure nat at the router, i haven´t access to the other site of the vpn. can anybody explain this, or have anybody a sample config for me ?
EzVPN Phase II (available in 12.2(15)T and up) includes NAT interoperability support. Basically you configure NAt on the router for your Internet access, but when the VPN tunnel is up this overrides the configured NAT, then when the tunnel is torn down the configured NAT comes back in. See
for details. You should be able to run this code and configure your NAT as normal, and EzVPN will sort it all out for you depending on whether the tunnel is up or not.
If I've gotten the wrong impression of your situation (it's a little unclear), please provide configs and a more detailed explanation than "now i have to translate the local ip´s at the end of the router." cause this is unclear to me.
the net, where the router is placed has the ip 10.20.30.0/24. but i can´t route this net from my side. the source ip´s must be translate from 10.20.30.0 to 10.110.20.0. but when the tunnel is up, nat don´t works.
can i configure the vpn other than with the EzVPN Phase II ? I think not, because the router have to work as a vpn client, because it has no static ip . . .
So you have to NAt over the tunnel, not out to the Internet, is that right? Hmmm, yeah, I don't see how that's going to work cause EzVPN specifically assumes that you don't need to NAT when the tunnel is up and it'll stop any configured NAT.
You could configure a standard LAN-to-LAN tunnel rather than EzVPN, then you could NAT the traffic before it gets encrypted.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :